A team of university researchers has devised a new side-channel attack named ‘Freaky Leaky SMS,’ which relies on the timing of SMS delivery reports to deduce a recipient’s location.
You must log in or # to comment.
Interesting approach.
It seems like it would be pretty easy to mitigate on the OS level by adding a random delay to delivered receipts without any meaningful inconvenience to end users. A few seconds here or there isn’t going to make or break anything experience wise.
Or does that less than instantaneous response result in a bunch of extra traffic trying to redeliver messages?
Don’t get people started on the use of SMS for 2FA…