this post was submitted on 30 Jul 2023
163 points (100.0% liked)

Technology

37727 readers
624 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Evangelos Bitsikas, who is pursuing a PhD in cybersecurity at the Northwestern University in the US, applied a new machine-learning program to data gleaned from the SMS system of mobile devices.

Receiving an SMS inevitably generates Delivery Reports whose reception bestows a timing attack vector at the sender. Bitsikas developed an ML model enabling the SMS sender to determine the recipient's location with a 96% accuracy for locations across different countries, the researcher says in a study.

The basic idea is that a hacker would send multiple text messages to the target phone, and the timing of each automated delivery reply creates a fingerprint of the target's location. These fingerprints have ever been there but weren't a problem until Bitsikas' group used ML to develop an algorithm capable of reading them. They can be fed into the machine-learning model, which then responds with the predicted location.

According to the researcher, it doesn't matter whether or not the communication is encrypted.

all 31 comments
sorted by: hot top controversial new old
[–] interolivary@beehaw.org 53 points 1 year ago (2 children)

So it's not actually a smartphone vulnerability as much as it is an SMS (or any other similar system with delivery receipts) vulnerability? Your old brick of a Nokia phone would have this same problem

[–] Kazumara@feddit.de 20 points 1 year ago

Yes, especially since the delivery report is generated by the SMCS, not the end device.

[–] 0x815@feddit.de 5 points 1 year ago

So it's not actually a smartphone vulnerability as much as it is an SMS vulnerbility?

It indeed is, that's right. I changed the headline. Thanks.

[–] arcrust@lemmy.ml 19 points 1 year ago (2 children)

I blame apple for this. They are using imessage and the green bubbles as marketing to get people to buy their hardware. So it's either you talk to people with iPhones or you use sms.

Meanwhile Google has been trying to get apple to use RCS for years. I would be curious if RCS and iMessage are susceptible. I didn't see anything about them when I glanced through your link.

[–] conciselyverbose@kbin.social 12 points 1 year ago (1 children)

Google's version of RCS involves sending everything through their own servers. Apple even considering that would be a massive violation of their user's expectation of privacy.

[–] rambaroo@beehaw.org 4 points 1 year ago* (last edited 1 year ago) (1 children)

The carriers refused to do it one their own so Google had to provide the servers themselves. Apple could do the same, but we all know they won't and never will. If it wasn't this excuse it would be another one.

[–] conciselyverbose@kbin.social 3 points 1 year ago (1 children)

Apple doing their own wouldn't result in any of the benefits people want. The open spec doesn't support shit.

It's not a good standard. It's not a mediocre standard. It's complete fucking horseshit that only works with Google's proprietary implementation.

Apple supporting RCS would be a massive betrayal of their customers. It's not remotely redeemable.

[–] tiredOfFascists@reddthat.com 7 points 1 year ago (1 children)

Oh great, so then when will apple be releasing their open standard for secure and feature rich texting?

...waits decades....

Oh yeah that's right, doing so would prevent them from pretending that things jUsT wOrKiNg is only something an apple product is capable of because any other product is obviously garbage.

We all know the reason apple often avoids standards is purely for profit. They do it knowing it is bad for their users. So let's not pretend that privacy is all they care about. At least google attempted a standard. And yes Google sucks ass. But I have more respect for a company that believes in standards than one whose business model only works because they strategically avoid them

[–] conciselyverbose@kbin.social 3 points 1 year ago (1 children)

I'm not sure what point you think you're making.

The RCS people have experience with is no more open than iMessage. It's not even sort of better at anything.

Supporting RCS is not acceptable. It's a massive privacy issue.

[–] tiredOfFascists@reddthat.com 3 points 1 year ago (1 children)

Google attempted an open standard, carriers refused. Apple actively refuses to participate or help. Not sure why so many apple simps can't ever acknowledge that standards are important. It's likely if you look around you at any given moment, you'll dozens of vital everyday products that are cheap or possible due to standards. The rest of computing is built heavily on standards. Standards === modern society. Yet apple can do no wrong if they explicitly dodge standards for profit.

[–] conciselyverbose@kbin.social 3 points 1 year ago (1 children)

No, Google did not. They want control.

Apple supporting any standard Google has significant weight in forming is an inexcusable "fuck you" to every one of their customers. This isn't defending Apple because they're Apple. It's "I would be completely apeshit at Apple if they did anything as fucking disgusting as supporting Google's fucking trash protocol."

It's fucking terrible. I'm fine with an actual formal standard Google has an identical (much less than half) stake to Apple with. It's literally impossible for anything else to be forgivable under any circumstance.

[–] tiredOfFascists@reddthat.com 2 points 1 year ago (1 children)

You're ignoring the part where Google tried and carriers and apple refused.. That's not some irrelevant detail

[–] conciselyverbose@kbin.social 2 points 1 year ago* (last edited 1 year ago) (1 children)

Because it's not even sort of based reality.

Google never at any point had any interest in not having control.

Google fronting a "standard", by itself, makes it unacceptable. Everything they touch they hijack to take data that isn't theirs.

[–] tiredOfFascists@reddthat.com 1 points 1 year ago (1 children)

Again, point me to apple's attempts to implement or help create a texting standard. Unless you'd like to instead say that standards are not an extremely important part of human society. Because unless you believe that, their actions are indefensible and that's a separate issue from how fucked up Google is.

[–] conciselyverbose@kbin.social 2 points 1 year ago (1 children)

A standard controlled by Google is many times worse than a standard not existing.

An actual acceptable standard must come from an impartial third party. Apple should absolutely not be proposing one either.

[–] tiredOfFascists@reddthat.com 2 points 1 year ago

I'll take this as an upfront admission that apple is not only opposed to standards but actively avoidant of them when it is profitable, rather than the deflection it was meant to be.

You seem knowledgeable enough to know that standards are usually contributed to by corporations and that this has many many times not ruined them. The whole web is built on this fact. But unfortunately your zealotry blinds you to what your priorities ought to be, standards for everyone's benefit.

[–] LootGoblin42@beehaw.org 1 points 1 year ago

Google is evil. Apple is the good guy in this situation.

[–] flyoverstate@kbin.social 12 points 1 year ago (1 children)

my smartphone is tracking me?! pikachugasp.exe

[–] Deez@lemm.ee 10 points 1 year ago

It’s not so much your smartphone tracking you, but the ability of someone to send you a text and get your location.

[–] eleitl@lemmy.ml 10 points 1 year ago (1 children)

Silent SMS are working as designed. There is a reason they are called silent.

[–] jet@hackertalks.com 10 points 1 year ago (1 children)

This is another excellent reason to never give anyone at all your cell phone number. Give them a voice number, like Google voice, Google Fi, voip.ms. The number of people have should not be the number attached to the device you walk around with.

Then if somebody wants to track you by your phone number they'll have to go to the phone service who is not connected directly to your phone other than through the internet. And then they'll have to track you through the internet. So it won't be a data broker selling your location data enmass indexable by your known phone number.

[–] honk@feddit.de 13 points 1 year ago (3 children)

This type of attack theoretically also works with signal or telegram or whatever message service that works entirely without a phone number.

This is unlikely to work for internet messaging services. If you're finding the location of the phone based on the location of the tower that delivers the message to the phone, the analogous part in modern internet messaging services would be a cloud server in a cloud data center hub. There are few of these in the world, so even if you could narrow it down that way, you'd end up with vague locations like "western North America" or "Europe".

Additionally, the routing of messages in internet messaging services is usually not so sophisticated. You can only tell the difference between sending a message to somebody from their east and sending a message to somebody from their west if the message is taking a different route to get to the user based on the physical direction. If the path of the message is always sender->infrastructure->central database->infrastructure->receiver, you change only change the sender->infrastructure and maybe the infrastructure->central db latency. Without being able to change the path the message takes back out of the system to the target, you can't gain any useful information.

It should work with direct IP networking, but for locating IP addresses we already have location databases and traceroute so it wouldn't be necessary. Maybe it could work if there was a pseudo p2p service where clients connect to the nearest Cloudflare edge compute node or something and then the nodes connect directly between each other at the IP layer, because in that case you would be going through sufficiently sophisticated internet routing but the target's IP wouldn't be available for a less sophisticated and more accurate approach.

[–] jet@hackertalks.com 2 points 1 year ago (1 children)

I don't think I understand the attack then. So a timing attack on Read receipts gives you approximate location how?

I understood the SMS case because the tower data could then be extrapolated. But if we're just talking about a standard internet application like signal. The read receipts are coming over the internet and not coming from Tower records.

Or at least that's my understanding. If I have a computer attached to some point on the internet. People could use ping timings to theoretically restrict the location but not very accurately right?

[–] honk@feddit.de 5 points 1 year ago (1 children)

You just measure the time until the delivery recipe arrives. You can approximate how far away the recipient is. Now you keep doing that while changing your own location (use vpns etc.) and you can slowly get a more accurate location of the target. Now you automate that stuff and also utilize machine learning to interpret the data.

[–] jet@hackertalks.com 1 points 1 year ago

That makes sense. It wouldn't give you very accurate data. But it'll get you within a hundred kilometers or so?

Though it seems like the solution here isn't always on VPN. So the measurements would only get to your VPN endpoint. Which is trivial to know by the IP address

Haha, great...

[–] philluminati@lemmy.ml 3 points 1 year ago* (last edited 1 year ago)

If it’s based on the timing of replies it can be fixed in an iPhone update by simply waiting a few random seconds or minutes before firing a response.

[–] TehPers@beehaw.org 1 points 1 year ago

If I understand this correctly, isn't this solved by randomly adding delays on the cell towers to these delivery reports? I'm not too familiar with the SMS protocol, but I can't imagine adding a little jitter would hurt much of anything.