This new smartphone vulnerability is allowing hackers to track user location – Times of India

Hackers are coming up with new ways to trick their victims. Now researchers have discovered a new security flaw in smartphones that can be misused by scammers. This vulnerability was found in text messaging that may enable attackers to trace users’ locations.

According to a report by Northeastern Global News, a research group led by US-based-Northeastern University PhD student Evangelos Bitsikas, has exposed the flaw.

Bitsikas used a machine-learning program to collect data from the SMS system that supported texting to and from mobile phones since the early 1990s.
“Just by knowing the phone number of the user victim, and having normal network access, you can locate that victim. Eventually, this leads to tracking the user to different locations worldwide,” Bitsikas noted.
He mentioned that SMS security has slightly improved since it started for 2G networks almost 30 years ago. Whenever a user receives a text message, their smartphone instantly sends a notification to the sender. Smartphones send this notification as a receipt of delivery.
How hackers can use this flaw
As per the report, the method used by Bitsikas can be used by criminals to spam users by sending several text messages to multiple numbers. Hackers will be able to triangulate the location based on the timings of their smartphones’ automated delivery replies. The report also notes that attackers will be able to track users’ location even if their communications are encrypted.
“Once the machine-learning model is established, then the attacker is ready to send a few SMS messages. The results are fed into the machine-learning model, which will respond with the predicted location,” Bitsikas said.

Apart from this, Bitsikas has reportedly not discovered any of this vulnerability being exploited actively. “This does not mean that (hackers) aren’t going to make use of it later on,” he warned.
The report mentioned that the security flaw has already been exploited through Android operating systems. However, the procedure might be difficult to scale as scammers will need to have Android devices in multiple locations. Moreover, these devices have to keep sending messages every hour and the attackers have to calculate the responses to find the location. The report also added that a collection of fingerprints can take several days to decipher depending on the number of them being sought by the attacker.

function loadGtagEvents(isGoogleCampaignActive) { if (!isGoogleCampaignActive) { return; } var id = document.getElementById('toi-plus-google-campaign'); if (id) { return; } (function(f, b, e, v, n, t, s) { t = b.createElement(e); t.async = !0; t.defer = !0; t.src = v; t.id = 'toi-plus-google-campaign'; s = b.getElementsByTagName(e)[0]; s.parentNode.insertBefore(t, s); })(f, b, e, 'https://www.googletagmanager.com/gtag/js?id=AW-877820074', n, t, s); };

window.TimesApps = window.TimesApps || {}; var TimesApps = window.TimesApps; TimesApps.toiPlusEvents = function(config) { var isConfigAvailable = "toiplus_site_settings" in f && "isFBCampaignActive" in f.toiplus_site_settings && "isGoogleCampaignActive" in f.toiplus_site_settings; var isPrimeUser = window.isPrime; if (isConfigAvailable && !isPrimeUser) { loadGtagEvents(f.toiplus_site_settings.isGoogleCampaignActive); loadFBEvents(f.toiplus_site_settings.isFBCampaignActive); } else { var JarvisUrl="https://jarvis.indiatimes.com/v1/feeds/toi_plus/site_settings/643526e21443833f0c454615?db_env=published"; window.getFromClient(JarvisUrl, function(config){ if (config) { loadGtagEvents(config?.isGoogleCampaignActive); loadFBEvents(config?.isFBCampaignActive); } }) } }; })( window, document, 'script', );

For all the latest Technology News Click Here 

Read original article here

Denial of responsibility! TechAI is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.