New vulnerability in SMS messaging could expose smartphone users' location to hackers, researcher says
Evangelos Bitsikas, who is pursuing a PhD in cybersecurity at the Northwestern University in the US, applied a new machine-learning program to data gleaned from the SMS system of mobile devices.
Receiving an SMS inevitably generates Delivery Reports whose reception bestows a timing attack vector at the sender. Bitsikas developed an ML model enabling the SMS sender to determine the recipient's location with a 96% accuracy for locations across different countries, the researcher says in a study.
The basic idea is that a hacker would send multiple text messages to the target phone, and the timing of each automated delivery reply creates a fingerprint of the target's location. These fingerprints have ever been there but weren't a problem until Bitsikas' group used ML to develop an algorithm capable of reading them. They can be fed into the machine-learning model, which then responds with the predicted location.
According to the researcher, it doesn't matter whether or not the communication is encrypted.
A standard controlled by Google is many times worse than a standard not existing.
An actual acceptable standard must come from an impartial third party. Apple should absolutely not be proposing one either.
I'll take this as an upfront admission that apple is not only opposed to standards but actively avoidant of them when it is profitable, rather than the deflection it was meant to be.
You seem knowledgeable enough to know that standards are usually contributed to by corporations and that this has many many times not ruined them. The whole web is built on this fact. But unfortunately your zealotry blinds you to what your priorities ought to be, standards for everyone's benefit.