Researchers Raise The Alarm On Users’ Location Data Being Exposed On WhatsApp, Signal, And Threema

A new study by security researchers has sent alarm bells ringing.

The study has spoken about a unique means through which a user’s location data could be exposed through apps that are known for being so secure. This included the likes of WhatsApp and Signal.

While the researchers did not go into too much detail about the whole method used to gauge this, they claim their tests were 80% reliable. Moreover, it highlighted how it was now possible to determine where any user was located through popular text messaging apps. And today, actors are launching the most specially curated attack that’s time specific.

This is also when they spoke into detail about how much time it took for any attacker to get their status for message delivery across the board on texts sent out to target audiences.

Today, we’re constantly faced with growing threats from all directions, and seeing mobile networks provide internet and IM apps has led to the creation that there’s going to be a certain delay, depending on where exactly you may be located.

To put it simply, if a sender releases a text, they’re going to time the duration time for it to be received. There are several indicators for that. Hence, the time indicates how long of a distance had been traveled by the message.

As you know, this type of timing is going to be of high precision. But it can get achieved with ease by double checking details of logs on packet apps such as Wireshark.

These types of attacks may be extremely limited across various apps so they would be utilized against a small number of particular targets that you may be knowing about. You’d be forced to send out messages to contacts whenever a particular location of the user is known and then can observe the time taken.

After such calibration data is completed, you get the chance to figure out which particular location they’re in, after sending out a message.

Through analysis of a network’s traffic, attackers get a better estimate of which packets were delivered status alerts. And as far as the apps under review by the security experts, the packets were outlined as having predetermined sizes or even structures that could be identified with different patterns.

For the next step, attackers are required to classify various locations and then allow for matching by enabling ‘round trip’ timings. Making efforts to correlate these things is the next step when you’ve got a target location determined using these types of data.

As far as how well the apps performed in such experiments, well, Whatsapp came third with 74%, followed by 80% for apps like Threema. Shockingly, Signal scored the highest for exposing users’ data with 82%.

Research teams claim one of the best ways for users to maintain their security and privacy is if apps used on a daily basis such as these would add a level of randomness to the timings. Moreover, it’s just another solid way to guarantee that such data isn’t leaked.

Developers were recommended to add systems that randomize confirmation times of message deliveries to senders. And by that they mean a period of 1 to 20 seconds could be enough to predetermine that such attacks weren’t possible.

As of now, two of the three firms outlined were stated to be involved in investigations related to the matter.

But if you really wish to best protect yourself, experts claim the time has come to turn off notification alerts that inform the sender that a message was delivered in the first place. It just confirms when texts get delivered and when they’re being read. And in case you’re looking for an easier shortcut, well, simply utilize a VPN as it introduces randomization

Read next: Hacked Accounts Can Be Bought for Just $6 According to This Report
Previous Post Next Post