San Francisco, July 30 – Researchers have discovered a new vulnerability in text messaging that may enable attackers to trace users’ location.
The research group, led by Evangelos Bitsikas, a US-based-Northeastern University PhD student, exposed the flaw by applying a sophisticated machine-learning programme to data gleaned from the relatively primitive SMS system that has driven texting in mobile phones since the early 1990s, reports Northeastern Global News.
“Just by knowing the phone number of the user victim, and having normal network access, you can locate that victim,” said Bitsikas.
“Eventually this leads to tracking the user to different locations worldwide,” he added.
SMS security has improved marginally since its inception for 2G networks three decades ago, according to Bitsikas. When users get a text message, their phone instantly sends a notification to the sender, which is essentially a receipt of delivery.
A hacker would use Bitsikas’ approach to send several text messages to users’ telephones. The timing of their automated delivery replies would enable the hacker to triangulate their location — regardless of whether their communications are encrypted, according to the report.
“Once the machine-learning model is established, then the attacker is ready to send a few SMS messages. The results are fed into the machine-learning model, which will respond with the predicted location,” Bitsikas said.
Moreover, the report mentioned that Bitsikas has discovered no evidence that the vulnerability, which has so far been exploited through Android operating systems, is actively being exploited.
“This does not mean that (hackers) aren’t going to make use of it later on,” Bitsikas said.
The procedure might be difficult to scale. In order to do this, the attacker will need to have Android devices in multiple locations sending messages every hour and calculating the responses. A collection of fingerprints can take days or weeks, depending on how many are sought by the attacker, the report said.
Meanwhile, over two-thirds (68 per cent) of manufacturing companies hit by ransomware attacks globally had their data encrypted by hackers, according to the report by Sophos.
This is the highest reported encryption rate for the sector over the past three years and is in line with a broader cross-sector trend of attackers more frequently succeeding in encrypting data.