TY - GEN
T1 - Hope of Delivery
T2 - 30th Annual Network and Distributed System Security Symposium, NDSS 2023
AU - Schnitzler, Theodor
AU - Kohls, Katharina
AU - Bitsikas, Evangelos
AU - Pöpper, Christina
N1 - Publisher Copyright:
© 2023 30th Annual Network and Distributed System Security Symposium, NDSS 2023. All Rights Reserved.
PY - 2023
Y1 - 2023
N2 - Mobile instant messengers such as WhatsApp use delivery status notifications in order to inform users if a sent message has successfully reached its destination. This is useful and important information for the sender due to the often asynchronous use of the messenger service. However, as we demonstrate in this paper, this standard feature opens up a timing side channel with unexpected consequences for user location privacy. We investigate this threat conceptually and experimentally for three widely spread instant messengers. We validate that this information leak even exists in privacy-friendly messengers such as Signal and Threema. Our results show that, after a training phase, a messenger user can distinguish different locations of the message receiver. Our analyses involving multiple rounds of measurements and evaluations show that the timing side channel persists independent of distances between receiver locations – the attack works both for receivers in different countries as well as at small scale in one city. For instance, out of three locations within the same city, the sender can determine the correct one with more than 80 % accuracy. Thus, messenger users can secretly spy on each other’s whereabouts when sending instant messages. As our countermeasure evaluation shows, messenger providers could effectively disable the timing side channel by randomly delaying delivery confirmations within the range of a few seconds. For users themselves, the threat is harder to prevent since there is no option to turn off delivery confirmations.
AB - Mobile instant messengers such as WhatsApp use delivery status notifications in order to inform users if a sent message has successfully reached its destination. This is useful and important information for the sender due to the often asynchronous use of the messenger service. However, as we demonstrate in this paper, this standard feature opens up a timing side channel with unexpected consequences for user location privacy. We investigate this threat conceptually and experimentally for three widely spread instant messengers. We validate that this information leak even exists in privacy-friendly messengers such as Signal and Threema. Our results show that, after a training phase, a messenger user can distinguish different locations of the message receiver. Our analyses involving multiple rounds of measurements and evaluations show that the timing side channel persists independent of distances between receiver locations – the attack works both for receivers in different countries as well as at small scale in one city. For instance, out of three locations within the same city, the sender can determine the correct one with more than 80 % accuracy. Thus, messenger users can secretly spy on each other’s whereabouts when sending instant messages. As our countermeasure evaluation shows, messenger providers could effectively disable the timing side channel by randomly delaying delivery confirmations within the range of a few seconds. For users themselves, the threat is harder to prevent since there is no option to turn off delivery confirmations.
UR - http://www.scopus.com/inward/record.url?scp=85164775972&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85164775972&partnerID=8YFLogxK
U2 - 10.14722/ndss.2023.23188
DO - 10.14722/ndss.2023.23188
M3 - Conference contribution
AN - SCOPUS:85164775972
T3 - 30th Annual Network and Distributed System Security Symposium, NDSS 2023
BT - 30th Annual Network and Distributed System Security Symposium, NDSS 2023
PB - The Internet Society
Y2 - 27 February 2023 through 3 March 2023
ER -