Security News > 2023 > June > SMS delivery reports can be used to infer recipient's location
A team of university researchers has devised a new side-channel attack named 'Freaky Leaky SMS,' which relies on the timing of SMS delivery reports to deduce a recipient's location.
The researchers developed a machine learning algorithm that analyzes timing data in these SMS responses to find the recipient's location at an accuracy of up to 96% for locations across different countries and up to 86% for two locations in the same country.
The attacker will first have to collect some measurement data to make concrete correlations between the SMS delivery reports and the known locations of their target.
Next, they measured the SMS delivery reports timing in each case and aggregated the data with the matching location signatures to generate a comprehensive ML evaluation dataset.
The experiment focuses on "Closed world" attack scenarios, meaning the classification of the target's location on one of the pre-determined locations.
For Greece, the model delivered a notable average of 79% correct location predictions for three locations and reached 82% in the best case.