A recent study conducted by researchers from multiple colleges has shed light on a stealthy SMS side-channel attack that exposes the location of the recipient. The researchers involved in this study include Evangelos Bitsikas from Northeastern University, Theodor Schnitzler from Research Center Trustworthy Data Science and Security, Christina Pöpper from New York University Abu Dhabi, and Aanjhan Ranganathan, also from Northeastern University.
The SMS side-channel attack takes advantage of the vulnerabilities present in the GSMA network, which powers SMS technology. By analyzing the timing of SMS messages, the sender can accurately determine the receiver’s location with a 96% accuracy rate in multiple countries. This attack is significant since it has implications for most cell phone networks worldwide, as they rely on the GSMA network.
The researchers specifically focused on SMS communication, as it is widely used for 2G communication by the general public, despite the availability of other options like 3G and 4G. They discovered that receiving SMS Delivery Reports after receiving an SMS message activates a timing attack vulnerability. The recipient has no control over the SMS Delivery Reports feature, making it susceptible to misuse by attackers.
To carry out the attack, the sender needs to send multiple SMS messages to the target. These messages can either be presented as marketing messages that the target is likely to dismiss or be sent as silent SMS messages. Silent SMS messages do not trigger any notifications on the target device but are still acknowledged as received by the device’s SMSC.
To test their findings, the researchers sent sets of 20 silent SMS messages every hour for three days to test devices located in the United States, the United Arab Emirates, and seven European nations. They included ten different operators in the experiment to analyze communication technologies and variations based on different generations.
The attack leverages various network delay factors, including UE Processing, Propagation Delay, Routing Delay, and Processing Delay. By analyzing the timing patterns between sending and receiving SMS messages, the attacker can uncover the location of their target. The researchers used the Multilayer Perceptron (MLP) as a classifier for location classification. The MLP is a versatile classifier accessible through Python’s SKLearn libraries and demonstrated remarkable performance with large amounts of data.
The study found that existing countermeasures against similar attacks are ineffective against this specific side-channel attack. Even if the world were inaccessible, the accuracy rate of over 90% still poses a significant privacy risk to individuals.
This research highlights the need for improved security measures in SMS technology to protect against side-channel attacks. Given the widespread use of SMS communication, it is crucial to address these vulnerabilities to prevent the misuse of location information.