An anonymous blog reader has posted a link to the blog post "Timing Attacks on WhatsApp, Signal, and Threema can Reveal User Location" from Sven Taylor (thanks for the hint). The security researchers state that this makes it possible to determine the locations of users of popular instant messenger apps with more than 80% accuracy. This is possible via a specially developed timing attack.

The trick involves measuring the time it takes for the attacker to receive notification of the delivery status of a message sent to the target. Because mobile Internet networks and the server infrastructure of instant messenger apps have specific physical characteristics that result in standard signal paths, these notifications have predictable delays that depend on the user's location.

The map above shows the locations of Messenger users that the security researchers were able to identify in this way. The approach is based on a kind of preparatory phase, in which the delays for messages sent to recipients whose location is known in advance are measured. In this way, the researchers obtained a kind of calibration network.

Following this, an attacker could find out where the recipient of the message is at any time in the future. To do so, the attacker simply needs to send the recipient a new message and measure the time taken for the delivery status notification.

In their technical report, the security researchers (a group of researchers from TU Dortmund University, Ruhr-Universität Bochum, Radboud University in the Netherlands, Northeastern University USA and New York University in Abu Dhabi) found that this timing attack could work sufficiently well to locate the recipient's country, city and district, and even to find out whether the recipient is connected to WiFi or mobile Internet.
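The calibration idea described above can be reproduced as a small offline simulation; this is an added example, not code from the researchers or from the linked post. The location labels, delay profiles and the `jitter_ms` parameter (a receiver delaying its receipt by a random amount) are assumptions of this example, included to show how much the result depends on stable delays.

```python
import random
import statistics

# Constructed round-trip profiles (ms): mean and spread of the delay between
# sending a message and receiving its delivery notification. Not measured data.
PROFILES = {"city_a_wifi": (120, 10), "city_a_mobile": (180, 10), "city_b_wifi": (260, 10)}

def sample_delay(rng, label, jitter_ms=0.0):
    """One simulated delivery-notification delay for a recipient at `label`."""
    mean, spread = PROFILES[label]
    # jitter_ms models a receiver delaying its receipt by a random amount
    # (an assumption of this example, not something the page describes).
    return rng.gauss(mean, spread) + rng.uniform(0.0, jitter_ms)

def calibrate(rng, n=50, jitter_ms=0.0):
    """Preparatory phase: average the delays seen for each known location."""
    return {label: statistics.fmean(sample_delay(rng, label, jitter_ms) for _ in range(n))
            for label in PROFILES}

def classify(centroids, delay):
    """Assign a new measurement to the calibrated location with the closest mean."""
    return min(centroids, key=lambda label: abs(centroids[label] - delay))

def accuracy(jitter_ms=0.0, trials=300, seed=1):
    """Fraction of single measurements attributed to the correct location."""
    rng = random.Random(seed)
    centroids = calibrate(rng, jitter_ms=jitter_ms)
    hits = 0
    for label in PROFILES:
        for _ in range(trials):
            hits += classify(centroids, sample_delay(rng, label, jitter_ms)) == label
    return hits / (trials * len(PROFILES))

if __name__ == "__main__":
    print(f"stable delays:      {accuracy():.2f}")
    print(f"randomised receipt: {accuracy(jitter_ms=400):.2f}")
```

With the stable profiles almost every single measurement lands on the right label; once the receipt delay is randomised over a range wider than the gap between profiles, one measurement no longer separates them.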