"If the attackers perform enough tests to formulate an extensive dataset against a target, they could infer their position among a set of given possible locations in a city, like 'home,' 'office,' 'gym,' etc., based on nothing else but the delivery notification delay," the report claimed. Researchers believe that this vulnerability can be exploited against secure instant messenger apps like WhatsApp, Threema and Signal. The timing attack, according to the report, can give away the recipient's location by country, region, district, city, and if they are using WiFi- or mobile data. It explained, "because mobile internet networks and IM app server infrastructure have specific physical characteristics that result in standard signal pathways, these notifications have predictable delays based on the user's position." Based on the report, if one sends a message and determines the amount of time it takes until the receiver gets the said message, the timing will determine the distance the message traveled from the sender to the receiver.
There is a way malicious actors can exploit to expose the location of secure instant messenger apps like WhatsApp, Threea and Signal, according to a new report.ĭigital privacy advocacy group Restore Privacy reported a vulnerability among secure instant messenger apps that can pinpoint users' location with 80% accuracy depending on the success rate of a "specially crafted timing attack." The report noted that "the trick lies in measuring the time taken for the attacker to receive the message delivery status notification on a message sent to the target." This is alarming especially for apps claiming they are secure and private.
0 kommentar(er)
