Evangelos Bitsikas, who is pursuing a PhD in cybersecurity at the Northwestern University in the US, applied a new machine-learning program to data gleaned from the SMS system of mobile devices.

Receiving an SMS inevitably generates Delivery Reports whose reception bestows a timing attack vector at the sender. Bitsikas developed an ML model enabling the SMS sender to determine the recipient’s location with a 96% accuracy for locations across different countries, the researcher says in a study.

The basic idea is that a hacker would send multiple text messages to the target phone, and the timing of each automated delivery reply creates a fingerprint of the target’s location. These fingerprints have ever been there but weren’t a problem until Bitsikas’ group used ML to develop an algorithm capable of reading them. They can be fed into the machine-learning model, which then responds with the predicted location.

According to the researcher, it doesn’t matter whether or not the communication is encrypted.

You are viewing a single thread.
View all comments View context
12 points

Google’s version of RCS involves sending everything through their own servers. Apple even considering that would be a massive violation of their user’s expectation of privacy.

permalink
report
parent
reply
4 points
*

The carriers refused to do it one their own so Google had to provide the servers themselves. Apple could do the same, but we all know they won’t and never will. If it wasn’t this excuse it would be another one.

permalink
report
parent
reply
3 points

Apple doing their own wouldn’t result in any of the benefits people want. The open spec doesn’t support shit.

It’s not a good standard. It’s not a mediocre standard. It’s complete fucking horseshit that only works with Google’s proprietary implementation.

Apple supporting RCS would be a massive betrayal of their customers. It’s not remotely redeemable.

permalink
report
parent
reply
7 points

Oh great, so then when will apple be releasing their open standard for secure and feature rich texting?

…waits decades…

Oh yeah that’s right, doing so would prevent them from pretending that things jUsT wOrKiNg is only something an apple product is capable of because any other product is obviously garbage.

We all know the reason apple often avoids standards is purely for profit. They do it knowing it is bad for their users. So let’s not pretend that privacy is all they care about. At least google attempted a standard. And yes Google sucks ass. But I have more respect for a company that believes in standards than one whose business model only works because they strategically avoid them

permalink
report
parent
reply

Technology

!technology@beehaw.org

Create post

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

Community stats

  • 2.8K

    Monthly active users

  • 3.4K

    Posts

  • 78K

    Comments