A new vulnerability has been discovered in the decades-old Short Message Service (SMS) system used in cell phones, which may allow attackers to track the location of users. The research was led by Evangelos Bitsikas, a Northeastern University PhD student, based in the US. The team exposed the defect by applying a complex machine-learning programme to the rudimentary SMS system, which forms the backbone of mobile text messaging since the 1990s. "Just by knowing the user's phone number and having usual network access, an attacker can track the victim," Bitsikas explained.

Tracking the user to different worldwide locations could be achieved using this new finding, says Bitsikas. SMS security has improved only marginally since it was first introduced for 2G networks about thirty years ago, he states. Upon receiving a text message, the user's phone immediately sends a delivery receipt to the sender. According to Bitsikas, a potential attacker can use this method to send several texts to the target user's phone, and the timing of automated delivery responses could be used to triangulate the user's location, regardless of whether their communications are encrypted or not.

Bitsikas further explained, "Once the machine-learning model is set up, the attacker can send a few text messages. The results are then fed into the machine-learning model, which will predict and respond with the user's location." Despite the vulnerability having been exploited primarily via Android systems so far, Bitsikas has found no active instances of its exploitation. However, he warns that this doesn't mean that hackers might not exploit it in the future.

Though the method appears complex to scale, an attacker would need several Android devices in different locations for the operation. They would need to send out messages every hour and calculate responses to collect the required 'fingerprints', which could take days or weeks, depending on the volume needed by the attacker. In related recent discoveries, it's been reported that hackers encrypted data in over two-thirds (or 68%) of manufacturing companies affected by ransomware globally, according to a report by Sophos.

This is the highest encryption rate for the sector in the past three years, indicating that cyber attackers are more frequently succeeding at encrypting valuable data. It's a worrying trend that calls for constant vigilance and improved security measures to protect users' privacy and data security. In the ever-evolving technological landscape, maintaining robust security systems and staying alert to potential threats is indispensable for ensuring data protection.