Evangelos Bitsikas, who is pursuing a PhD in cybersecurity at the Northwestern University in the US, applied a new machine-learning program to data gleaned from the SMS system of mobile devices.
Receiving an SMS inevitably generates Delivery Reports whose reception bestows a timing attack vector at the sender. Bitsikas developed an ML model enabling the SMS sender to determine the recipient’s location with a 96% accuracy for locations across different countries, the researcher says in a study.
The basic idea is that a hacker would send multiple text messages to the target phone, and the timing of each automated delivery reply creates a fingerprint of the target’s location. These fingerprints have ever been there but weren’t a problem until Bitsikas’ group used ML to develop an algorithm capable of reading them. They can be fed into the machine-learning model, which then responds with the predicted location.
According to the researcher, it doesn’t matter whether or not the communication is encrypted.
If I understand this correctly, isn’t this solved by randomly adding delays on the cell towers to these delivery reports? I’m not too familiar with the SMS protocol, but I can’t imagine adding a little jitter would hurt much of anything.
If it’s based on the timing of replies it can be fixed in an iPhone update by simply waiting a few random seconds or minutes before firing a response.
I blame apple for this. They are using imessage and the green bubbles as marketing to get people to buy their hardware. So it’s either you talk to people with iPhones or you use sms.
Meanwhile Google has been trying to get apple to use RCS for years. I would be curious if RCS and iMessage are susceptible. I didn’t see anything about them when I glanced through your link.
Google’s version of RCS involves sending everything through their own servers. Apple even considering that would be a massive violation of their user’s expectation of privacy.
The carriers refused to do it one their own so Google had to provide the servers themselves. Apple could do the same, but we all know they won’t and never will. If it wasn’t this excuse it would be another one.
Apple doing their own wouldn’t result in any of the benefits people want. The open spec doesn’t support shit.
It’s not a good standard. It’s not a mediocre standard. It’s complete fucking horseshit that only works with Google’s proprietary implementation.
Apple supporting RCS would be a massive betrayal of their customers. It’s not remotely redeemable.
So it’s not actually a smartphone vulnerability as much as it is an SMS (or any other similar system with delivery receipts) vulnerability? Your old brick of a Nokia phone would have this same problem
my smartphone is tracking me?! pikachugasp.exe
