163
New vulnerability in SMS messaging could expose smartphone users' location to hackers, researcher says (arxiv.org)
submitted 1 year ago* (last edited 1 year ago) by 0x815@feddit.de to c/technology@beehaw.org
32 comments fedilink hide all child comments

Evangelos Bitsikas, who is pursuing a PhD in cybersecurity at the Northwestern University in the US, applied a new machine-learning program to data gleaned from the SMS system of mobile devices.

Receiving an SMS inevitably generates Delivery Reports whose reception bestows a timing attack vector at the sender. Bitsikas developed an ML model enabling the SMS sender to determine the recipient's location with a 96% accuracy for locations across different countries, the researcher says in a study.

The basic idea is that a hacker would send multiple text messages to the target phone, and the timing of each automated delivery reply creates a fingerprint of the target's location. These fingerprints have ever been there but weren't a problem until Bitsikas' group used ML to develop an algorithm capable of reading them. They can be fed into the machine-learning model, which then responds with the predicted location.

According to the researcher, it doesn't matter whether or not the communication is encrypted.

you are viewing a single comment's thread
view the rest of the comments
[-] interolivary@beehaw.org 53 points 1 year ago

So it's not actually a smartphone vulnerability as much as it is an SMS (or any other similar system with delivery receipts) vulnerability? Your old brick of a Nokia phone would have this same problem

[-] Kazumara@feddit.de 20 points 1 year ago

Yes, especially since the delivery report is generated by the SMCS, not the end device.

[-] 0x815@feddit.de 5 points 1 year ago

So it's not actually a smartphone vulnerability as much as it is an SMS vulnerbility?

It indeed is, that's right. I changed the headline. Thanks.

this post was submitted on 30 Jul 2023
163 points (100.0% liked)

Technology

37708 readers
396 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
Los@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org