Evangelos Bitsikas, who is pursuing a PhD in cybersecurity at the Northwestern University in the US, applied a new machine-learning program to data gleaned from the SMS system of mobile devices.

Receiving an SMS inevitably generates Delivery Reports whose reception bestows a timing attack vector at the sender. Bitsikas developed an ML model enabling the SMS sender to determine the recipient’s location with a 96% accuracy for locations across different countries, the researcher says in a study.

The basic idea is that a hacker would send multiple text messages to the target phone, and the timing of each automated delivery reply creates a fingerprint of the target’s location. These fingerprints have ever been there but weren’t a problem until Bitsikas’ group used ML to develop an algorithm capable of reading them. They can be fed into the machine-learning model, which then responds with the predicted location.

According to the researcher, it doesn’t matter whether or not the communication is encrypted.

  • honk@feddit.de
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    You just measure the time until the delivery recipe arrives. You can approximate how far away the recipient is. Now you keep doing that while changing your own location (use vpns etc.) and you can slowly get a more accurate location of the target. Now you automate that stuff and also utilize machine learning to interpret the data.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      That makes sense. It wouldn’t give you very accurate data. But it’ll get you within a hundred kilometers or so?

      Though it seems like the solution here isn’t always on VPN. So the measurements would only get to your VPN endpoint. Which is trivial to know by the IP address