According to a report by Northeastern Global News, a research group led by Evangelos Bitsikas, a PhD student at US-based Northeastern University, has exposed the flaw.
Bitsikas used a machine-learning program to collect data from the SMS system, which has supported texting to and from mobile phones since the early 1990s.
“Just by knowing the phone number of the user victim, and having normal network access, you can locate that victim. Eventually, this leads to tracking the user to different locations worldwide,” Bitsikas noted.
He mentioned that SMS security has slightly improved since it was introduced for 2G networks almost 30 years ago. Whenever a user receives a text message, their smartphone instantly sends a notification back to the sender, which serves as a receipt of delivery.
How hackers can use this flaw
As per the report, criminals can use Bitsikas's method to spam users by sending several text messages to multiple numbers. Hackers will then be able to triangulate a user's location based on the timing of the smartphone's automated delivery replies. The report also notes that attackers will be able to track users' locations even if their communications are encrypted.
“Once the machine-learning model is established, then the attacker is ready to send a few SMS messages. The results are fed into the machine-learning model, which will respond with the predicted location,” Bitsikas said.
Bitsikas has reportedly not found this vulnerability being actively exploited. “This does not mean that (hackers) aren’t going to make use of it later on,” he warned.
The report mentioned that the security flaw has already been exploited through Android operating systems. However, the procedure might be difficult to scale, as scammers will need to have Android devices in multiple locations. Moreover, these devices have to keep sending messages every hour, and the attackers have to calculate the responses to find the location. The report also added that a collection of fingerprints can take several days to decipher, depending on how many of them the attacker is seeking.