A newly discovered vulnerability in text messaging may enable attackers to trace your location, according to Northeastern Ph.D. student Evangelos Bitsikas.
Closing the vulnerability would require an overhaul of the global SMS system, Bitsikas says.
Would it really be that hard to add a 200-1000ms random delay before sending the receipt and making statistical analysis moot?
Carriers could easily even delay the forwarding of the receipt to aim for constant-time. Probably not a trivial software update, but I wouldn’t call it a major overhaul.
Would it really be that hard to add a 200-1000ms random delay before sending the receipt and making statistical analysis moot?
Carriers could easily even delay the forwarding of the receipt to aim for constant-time. Probably not a trivial software update, but I wouldn’t call it a major overhaul.
Timing attacks aren’t exactly new.