Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings

In this paper, we demonstrate that merely receiving silent SMS messages regularly opens a stealthy side-channel that allows other regular network users to infer the whereabouts of the SMS recipient. The core idea is that receiving an SMS inevitably generates Delivery Reports whose reception bestows a timing attack vector at the sender.

Our results show that, after training an ML model, the SMS sender can accurately determine multiple locations of the recipient. For example, our model achieves up to 96% accuracy for locations across different countries, and 86% for two locations within Belgium.

Link to the paper

I’m not going to pretend I understand everything written in the paper, so please, someone correct me if I’m wrong. But to me it seems that in order for this to work, the attacker has to know the phone number associated with the user’s SIM card. Which means that if someone is only using VoIP numbers and the SIM card number is not known to anyone, or better yet there isn’t even one because this is a data-only eSIM, then this attack isn’t going to work.