Researchers Warn About SMS Location Tracking Flaw That Puts Millions Of Android Phones At Risk: How To Stay Safe
Researchers have issued a warning against a new vulnerability in text messaging that may allow hackers to trace users’ locations. The research group, led by Evangelos Bitsikas, a US-based-Northeastern University PhD student, explains that this flaw allows hackers to track a user’s location using a machine-learning program and data from the SMS system. By obtaining the victim’s phone number and normal network access, hackers can monitor the victim’s location worldwide.
“Just by knowing the phone number of the user victim, and having normal network access, you can locate that victim,” said Bitsikas. He further notes that despite some improvements in SMS security over the years, this flaw persists due to the timing of delivery notifications, which enables attackers to automatically triangulate the victim’s location when a text is sent, reports Northeastern Global News.
What is the vulnerability Hackers can track location using SMS
Bitsikas explains that the vulnerability lies in the automated delivery notification feature of SMS. When a user receives a text message, their phone automatically sends a delivery receipt with a timestamp indicating their location. Though this feature wasn’t initially problematic, according to Bitsikas, hackers can now employ machine learning to create an algorithm capable of detecting these timestamps and detecting the user’s location.
The study further reveals that to use machine learning to find a location, hackers will only need the target victim’s phone number and have regular network access. By sending multiple text messages to the victim’s phone, the hacker can then monitor the timing of the automated delivery replies and collect location data fingerprints, irrespective of whether the communications are encrypted.
To reveal the vulnerability with the fingerprint stamp in SMS,, the researchers used a machine-learning model to feed and test the data, which resulted in revealing the real-time location of the targeted individual.
In conclusion, the researchers point out that hackers can track a user’s location using SMS by exploiting the automated delivery notification feature and employing machine learning to predict their location based on the timestamps received from the victim’s phone.
Smartphones which are vulnerable
As of now, the vulnerability has been observed mainly in Android operating systems. Bitsikas’ research group has not found evidence of the flaw being actively exploited, but they caution that advanced attackers, state-sponsored agencies, or hacker groups with more significant resources might exploit this weakness in the future.
HOW TO STAY SAFE
While there have not been any reported cases of hackers using machine learning to track locations through SMS, given the potential seriousness of this vulnerability, it is essential to take steps to protect your privacy and safety. Here are some ways you can possibly keep your device safe from such cyber attacks.
- Be cautious with SMS: Consider reducing your reliance on traditional SMS for sensitive communications. You can use encrypted messaging apps like WhatsApp, which offer more robust security features.
- Regular Updates: Keep your smartphone’s operating system and apps up-to-date to ensure you have the latest security patches and improvements.
- Limit sharing your phone number: Be mindful about sharing your phone number publicly, especially on social media platforms.
- Disable read receipts: Check your phone settings and disable read receipts for SMS if possible, as it may reduce the amount of location data exposed.
- Educate yourself about cybersecurity: Stay informed about the latest threats and how to protect yourself online