A group of researchers have discovered a method to estimate a phone’s location with 96% accuracy by exploiting the vulnerabilities in GSMA networks, which handle SMS messaging globally. The process involves a side-channel attack using SMS delivery reports, which can provide a sender with estimates of the recipient’s location based on the timings of these messages.

The attack targets almost all cellular networks, including 2G communication, which is commonly used for SMS. The attacker needs only the recipient’s phone number to execute this method. By sending multiple silent SMS messages (Type 0 messages that don’t alert the recipient) and studying the time differences between when these messages are sent and received, the attacker can estimate the recipient’s location.

The accuracy of this method increases with more precise data on the target’s whereabouts. However, there are limitations due to various factors that can affect empirical measurements in a real-world exploit.

In terms of countermeasures, modifying SMS timings, installing spam filters, or disabling silent messages can reduce the likelihood of such attacks. Disabling the feature that generates delivery reports could be the most effective preventative measure. After the discovery, researchers informed the GSMA, which is currently evaluating various preventative actions.

Full Article: https://www.securitynewspaper.com/2023/06/20/how-to-hack-track-anybodys-phone-location-via-silent-sms-messages/ | See more here: https://arxiv.org/pdf/2306.07695.pdf