Location data could be exposed in WhatsApp, Signal and Threema

Researchers have discovered method to locate attackers using timing of messages sent and received

Tech Desk October 22, 2022
facebook whatsup linkded
whatsapp logo is seen in this illustration taken august 22 2022 photo reuters
WhatsApp logo is seen in this illustration taken, August 22, 2022. PHOTO: REUTERS

Security researchers have discovered a 'surprising' method to expose location data on messaging apps like WhatsApp, Signal and Threema, otherwise considered secure. The tests conducted produced 80% reliability, despite using an imprecise method.

The method measures the time taken for the attacker to receive the message delivery status notification on a message sent to the target.

Mobile internet networks and IM app server infrastructure possess specific physical characteristics resulting in standard signal pathways that have predictable delays based on the user’s position. The precise timing can be achieved by checking the logs of a packet capture application like Wireshark.

The attacks can only be used against targets that attackers have information on, since the method will be precise on location data if they are in a location the attacker is familiar with according to their regular schedule.

The classification result showed accuracy rate of 82% for Signal targets, 80% for Threema and 74% for those using WhatsApp. If apps release privacy mitigation against this tactic by introducing randomization of timings with some degree.

"Anything from 1 to 20 seconds would be enough to render this timing attack impossible to carry out while not hurting the practical usefulness of the delivery status notifications," Restore Privacy reports.
facebook whatsup linkded

COMMENTS (1)

03490408673 | 1 year ago | Reply zabas0907@gmail.com
Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ

Join Us

Entertainment

article

Kamala Harris faces criticism for wearing luxury necklace during border visit
VIEW MORE

LATEST

google maps expands street view and launches historical imagery on google earth

Google Maps expands street view and launches historical imagery on Google Earth

kia dealer portal flaw puts millions of cars at risk of remote hacking

Kia Dealer Portal Flaw Puts Millions of Cars at Risk of Remote Hacking

ford s new holographic technology features interactive displays for drivers and passengers

Ford's new holographic technology features interactive displays for drivers and passengers

youtube introduces pause screen ads adding to user frustration

YouTube introduces pause screen ads, adding to user frustration

ireland fines meta 101m for eu data breach

Ireland fines Meta $101m for EU data breach

tech giants apple and meta refuse to sign eu s new ai safety pact

Tech giants Apple and Meta refuse to sign EU’s new AI safety pact

OPINION

political freedoms under fetter

Political freedoms under fetter

a thrown match

A thrown match

balancing power fixed term for cjp

Balancing power: fixed term for CJP?

the art of co existence in a multi nodal world

The art of co-existence in a multi-nodal world

ethical leadership and universities of pakistan

Ethical leadership and universities of Pakistan

politics through other means

Politics through other means

FOLLOW US

This material may not be published, broadcast, rewritten, redistributed or derived from. Unless otherwise stated, all content is copyrighted © 2024 The Express Tribune.