Search Icon
Submissions

Measuring Messengers: Analyzing Infrastructures and Message Timings to Extract User Locations in Instant Messengers

Theodor Schnitzler (Research Center Trustworthy Data Science and Security, TU Dortmund, and Ruhr-Universität Bochum)

Mobile instant messengers such as WhatsApp use delivery status notifications in order to inform users if a sent message has successfully reached its destination. We have shown that this standard feature opens up a timing side channel with unexpected consequences for user location privacy. Our results demonstrate that, after a training phase, a messenger user can distinguish different locations of the message receiver by measuring and analyzing the time it takes to deliver messages.

This talk will cover the set of experiments conducted during the project, from original ideas, some of which could not be followed, to the final measurement and evaluation setup we used to produce the results published in the paper.

Speaker’s Biography

Theodor Schnitzler is a postdoctoral researcher at the Research Center Trustworthy Data Science and Security at TU Dortmund University in Germany. He obtained a PhD in Information Security from Ruhr University Bochum, Germany in 2022. His research focuses on privacy aspects in online communication environments from both technical and user perspectives.

Slides

View More Papers

Focusing on Pinocchio's Nose: A Gradients Scrutinizer to Thwart...

Jiayun Fu (Huazhong University of Science and Technology), Xiaojing Ma (Huazhong University of Science and Technology), Bin B. Zhu (Microsoft Research Asia), Pingyi Hu (Huazhong University of Science and Technology), Ruixin Zhao (Huazhong University of Science and Technology), Yaru Jia (Huazhong University of Science and Technology), Peng Xu (Huazhong University of Science and Technology), Hai…

Read More

Double and Nothing: Understanding and Detecting Cryptocurrency Giveaway Scams

Xigao Li (Stony Brook University), Anurag Yepuri (Stony Brook University), Nick Nikiforakis (Stony Brook University)

Read More

VICEROY: GDPR-/CCPA-compliant Enforcement of Verifiable Accountless Consumer Requests

Scott Jordan (University of California, Irvine), Yoshimichi Nakatsuka (University of California, Irvine), Ercan Ozturk (University of California, Irvine), Andrew Paverd (Microsoft Research), Gene Tsudik (University of California, Irvine)

Read More

Copy-on-Flip: Hardening ECC Memory Against Rowhammer Attacks

Andrea Di Dio (Vrije Universiteit Amsterdam), Koen Koning (Intel), Herbert Bos (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam)

Read More