Evangelos Bitsikas, who is pursuing a PhD in cybersecurity at the Northwestern University in the US, applied a new machine-learning program to data gleaned from the SMS system of mobile devices.
Receiving an SMS inevitably generates Delivery Reports whose reception bestows a timing attack vector at the sender. Bitsikas developed an ML model enabling the SMS sender to determine the recipient's location with a 96% accuracy for locations across different countries, the researcher says in a study.
The basic idea is that a hacker would send multiple text messages to the target phone, and the timing of each automated delivery reply creates a fingerprint of the target's location. These fingerprints have ever been there but weren't a problem until Bitsikas' group used ML to develop an algorithm capable of reading them. They can be fed into the machine-learning model, which then responds with the predicted location.
According to the researcher, it doesn't matter whether or not the communication is encrypted.
I blame apple for this. They are using imessage and the green bubbles as marketing to get people to buy their hardware. So it's either you talk to people with iPhones or you use sms.
Meanwhile Google has been trying to get apple to use RCS for years. I would be curious if RCS and iMessage are susceptible. I didn't see anything about them when I glanced through your link.
Google's version of RCS involves sending everything through their own servers. Apple even considering that would be a massive violation of their user's expectation of privacy.
The carriers refused to do it one their own so Google had to provide the servers themselves. Apple could do the same, but we all know they won't and never will. If it wasn't this excuse it would be another one.
Oh great, so then when will apple be releasing their open standard for secure and feature rich texting?
...waits decades....
Oh yeah that's right, doing so would prevent them from pretending that things jUsT wOrKiNg is only something an apple product is capable of because any other product is obviously garbage.
We all know the reason apple often avoids standards is purely for profit. They do it knowing it is bad for their users. So let's not pretend that privacy is all they care about. At least google attempted a standard. And yes Google sucks ass. But I have more respect for a company that believes in standards than one whose business model only works because they strategically avoid them
Google attempted an open standard, carriers refused. Apple actively refuses to participate or help. Not sure why so many apple simps can't ever acknowledge that standards are important. It's likely if you look around you at any given moment, you'll dozens of vital everyday products that are cheap or possible due to standards. The rest of computing is built heavily on standards. Standards === modern society. Yet apple can do no wrong if they explicitly dodge standards for profit.
Apple supporting any standard Google has significant weight in forming is an inexcusable "fuck you" to every one of their customers. This isn't defending Apple because they're Apple. It's "I would be completely apeshit at Apple if they did anything as fucking disgusting as supporting Google's fucking trash protocol."
It's fucking terrible. I'm fine with an actual formal standard Google has an identical (much less than half) stake to Apple with. It's literally impossible for anything else to be forgivable under any circumstance.
Again, point me to apple's attempts to implement or help create a texting standard. Unless you'd like to instead say that standards are not an extremely important part of human society. Because unless you believe that, their actions are indefensible and that's a separate issue from how fucked up Google is.