On previously thought-to-be secure messaging apps like WhatsApp, Signal, and Threema, security researchers have found a’ surprising’ way to reveal location data.Despite adopting an erroneous method, the tests yielded an average dependability of 80%.
The process calculates how long it takes the attacker to learn whether a message sent to the target has been delivered. Because of their unique physical qualities, mobile internet networks and the server architecture for instant messaging apps produce typical signal paths with predictable delay times based on the user’s location.
Checking the logs of a packet capture programme like Wireshark can allow you to determine the precise timing. Since the method will be accurate on location data if they are in an area the attacker is familiar with according to their usual routine, the attacks can only be employed against targets that attackers have knowledge of.
According to the classification results, targets utilising Signal had an accuracy rate of 82%, those using Threema of 80%, and those using WhatsApp of 74%. If apps include some kind of time randomization, they will provide privacy mitigation against this method.
“With a lag of between 1 and 20 seconds, this temporal attack might be stopped without affecting the practicality of the delivery status messages.
