Timing Attacks on WhatsApp, Signal, and Threema can Reveal User Location

restoreprivacy.com

Timing Attacks on WhatsApp, Signal, and Threema can Reveal User Location

restoreprivacy.com

@c0mmandoMA to

Privacy • 1 year ago

Researchers found it's possible to infer the locations of users of WhatsApp, Signal, and Threema by the delivery status notifications.

cross-posted from: https://community.hackliberty.org/post/6687

A team of researchers has found that it’s possible to infer the locations of users of popular instant messenger apps with an accuracy that surpasses 80% by launching a specially crafted timing attack.

The trick lies in measuring the time taken for the attacker to receive the message delivery status notification on a message sent to the target.

Because mobile internet networks and IM app server infrastructure have specific physical characteristics that result in standard signal pathways, these notifications have predictable delays based on the user’s position.

The resulting classification accuracy based on the researchers’ experiments was:

82% for Signal targets
80% for Threema
74% for those using WhatsApp

You must log in or register to comment.

Chat

Privacy

!privacy@links.hackliberty.org

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacy@links.hackliberty.org

Privacy is the ability for an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.

Rules

Don’t do unto others what you don’t want done unto you.
No Porn, Gore, or NSFW content. Instant Ban.
No Spamming, Trolling or Unsolicited Ads. Instant Ban.
Stay on topic in a community. Please reach out to an admin to create a new community.

56 users / day
75 users / week
146 users / month
1.87K users / 6 months
562 subscribers
370 Posts
623 Comments
Modlog

mods:
@c0mmando