[ad_1]
Scientists have found that SMS messages can give away the location of the user
Using the basic principles of 2G networks, an attacker can determine the geolocation of the SMS recipient with 96%.
Scientists from Switzerland and Germany have shown that simply by receiving SMS messages, a user can unwittingly reveal their location to other network users. In his work published at www.arXiv.org experts demonstrate how to analyze the delivery time of SMS messages to determine where the recipient is
SMS (Short Message Service) is one of the most popular communication channels since its inception in 2G networks. However, scientists have found that receiving an SMS inevitably generates delivery reports that are returned to the sender. These reports contain information about the delivery time, which depends on the distance between the sender and the recipient, as well as on the network load.
Scientists conducted experiments in different countries, with different carriers and devices, to show that an attacker can figure out the location of an SMS recipient by analyzing delivery time measurements from typical receiving locations. Their results show that after training a machine learning model, an SMS sender can pinpoint multiple recipient locations. For example, the model achieves up to 96% accuracy for locations in different countries and 86% for two locations in Belgium.
Components and steps of SMS positioning
The scientists note that due to the way cellular networks are designed, it is difficult to prevent delivery reports from returning to the sender, making it difficult to counter this stealth attack without fundamental changes to the network architecture.
In their work, scientists also talk about how their attack works on the example of two types of SMS messages: regular and “silent”. Regular SMS messages are visible to the recipient on the phone screen, while “silent” SMS messages have no content and are not displayed on the recipient’s device. However, both message types generate delivery reports that can be used to analyze delivery times.
Scientists also suggest several ways to protect against such an attack, such as using encrypted messaging applications, blocking “silent” SMS messages, or disabling delivery reports at the carrier level.
[ad_2]
Source link
www.securitylab.ru