According to Northeastern Ph.D. student Evangelos Bitsikas, a newly identified vulnerability in text messaging may allow attackers to track your whereabouts.
His research team discovered the issue by using a sophisticated machine-learning algorithm to analyze data from the comparatively rudimentary SMS system that has powered texting in mobile phones since the early 1990s. His work is available on the pre-print service arXiv.
“You can locate that victim simply by knowing the phone number of the user victim and having normal network access,” adds Bitsikas, who will formally present his discovery at the 32nd USENIX Security Symposium in Anaheim, California. “Eventually, this leads to the user being tracked to various locations around the world.”
SMS security has improved marginally since its inception for 2g networks three decades ago, according to Bitsikas. When you get a text message, your phone instantly sends a notification to the sender, which is essentially a receipt of delivery.
RELATED: The Technological Gap That Allows Hackers To Manipulate Surveillance Cameras
A hacker would use Bitsikas’ approach to send several text messages to your telephone. Regardless of whether your communications are encrypted, the timing of your automated delivery responses would allow the hacker to triangulate your location.
Each automatic delivery notice delivered by your phone leaves a digital imprint of your whereabouts. Those fingerprints weren’t a problem until Bitsikas’ team employed machine learning to create an algorithm that could detect them.
“Once the machine-learning model is established, the attacker is ready to send a few SMS messages,” explains Bitsikas, a cybersecurity Ph.D. candidate. “The results are fed into the machine-learning model, which will then respond with the predicted location.”
RELATED: Chinese Hackers Target Critical US Bases On Guam, According To Microsoft
Bitsikas has discovered no evidence that the vulnerability, which has so far been exploited through Android operating systems, is actively being abused.
“This does not rule out the possibility that [hackers] will use it in the future,” Bitsikas explains. “Scaling the method may be tough. The attacker will need to have Android smartphones in numerous locations delivering messages and calculating answers every hour. Depending on how many fingerprints the attacker wants to capture, the collecting process can take days or weeks.
“Not only is it difficult to collect and analyze data, but there is also the issue of sufficiently and appropriately configuring the machine-learning model, which is related to deep learning.”
RELATED: Hackers Claim To Have Extensive Access To Western Digital Systems
According to Bitsikas, the risk is that a well-funded organization may exploit the issue to track down political officials, activists, CEOs, and others who wish to remain anonymous.
“We are researchers with limited resources, and we are not experts in data science,” Bitsikas describes his team. “What I’m concerned about is that advanced attackers—hacker groups, state-sponsored agencies, and police, all of whom have more resources—will be able to have a greater impact with this type of attack.”
Bitsikas shared the research with the GSMA, a global association of over 15,000 member specialists that supervises the health and welfare of the mobile ecosystem, before it was published.
“Our findings and results have been verified by GSMA,” Bitsikas said. “They acknowledged the results, stating that this is a difficult problem to solve given the cost and effort required to deploy complete countermeasures.”
According to Bitsikas, closing the vulnerability would necessitate a complete rewrite of the global SMS system. He has been informed that the GSMA intends to implement countermeasures that will make the hack more difficult to execute—but will not completely close the window.
“It’s not like Microsoft or Apple developing a software patch to address a security vulnerability,” Bitsikas explains. “These networks cannot be instantly changed everywhere.”
Bitsikas intends to conduct future research that will build on this discovery.
Download The Radiant App To Start Watching!
Web: Watch Now
LGTV™: Download
ROKU™: Download
XBox™: Download
Samsung TV™: Download
Amazon Fire TV™: Download
Android TV™: Download