What WhatsApp and Signal reveal, despite encryption
Signal is famous for good end-to-end encryption, WhatsApp is following suit. At DEFCON, two Austrians show what the messengers reveal nonetheless.
Signal and WhatsApp encrypt messages end-to-end, which means that they remain encrypted throughout their entire journey from sender to recipient. This applies to the content. But other information can be harvested with a little effort; at the IT security trade fair DEFCON 2025 on Sunday, Austrian security researchers Gabriel Gegenhuber and Maximilian Günther (local time) presented their side-channel and protocol attacks.
As it turns out, delivery confirmations of Signal and WhatsApp reveal a lot about the end devices used and their status. Delivery confirmations should not be confused with read confirmations, which every user can switch off in their app settings. Delivery confirmations are essential for the service so that it does not endlessly struggle to deliver messages that have already been delivered.
The round-trip time (RTT) of the delivery confirmation alone allows more conclusions to be drawn than the layman would assume. If it takes a very long time, the device is offline. But even fluctuations in the range of seconds reveal the status of the receiving device: The fastest time is when the app is in the foreground, i.e. when it is probably being used. It is slower when it is not in the foreground and even slower when the screen is off or the browser tab is inactive.
This scattering also varies depending on the device model, connection method (LAN, WLAN or mobile) and status (is the cell phone currently being used or not). And that's not all: the transmission of confirmations is implemented differently for different device classes. For example, the delivery confirmations for Whatsapp and Signal are transmitted individually by smartphone apps (Android, iOS), but in groups – for the desktop versions of the services and in a shuffled order for Whatsapp for MacOS.
Conclusions about location
Attackers can create databases using data from test series with their devices to be able to compare data obtained later from attack targets. This would make it possible to tell at a glance what devices are being used under a WhatsApp or Signal account and what state they are probably in at the moment. This allows further conclusions to be drawn: for example, if a certain desktop device or browser instance is regularly online during office hours, it may be possible to deduce the location of the target when delivery confirmations arrive. Conversely, delivery confirmations from a desktop computer that is usually only used in the evening or at weekends may indicate that the recipient is at home.
The number of devices registered under an account is even easier to determine: The Whatsapp and Signal key servers assign consecutive numbers, with 0 and 1 respectively indicating the "main device". Higher numbers are additional devices so that the attacker can also distinguish between them.
Secret flood of messages
However, series of delivery confirmations are required to gain knowledge. A single measurement only tells you whether the device is online. Wouldn't the victim notice if they were covered by an avalanche of messages? No, because it is possible to send specially structured messages to WhatsApp and Signal subscribers that trigger delivery confirmations but are not displayed on the end device. The researchers used alternative implementations of the applications for this purpose.
This means that an attacker can send a long series of silent "pings" to a target of whom they only know the phone number or username without it being noticed. The Signal infrastructure at least has a built-in limit of one message every two seconds, while the Austrians were unable to identify any rate limiting in WhatsApp. This enables close monitoring over long periods of time.
However, series of delivery confirmations are required to gain knowledge. A single measurement only tells you whether the device is online. Wouldn't the victim notice if they were covered by an avalanche of messages? No, because it is possible to send specially structured messages to WhatsApp and Signal subscribers that trigger delivery confirmations but are not displayed on the end device. The researchers used alternative implementations of the applications for this purpose.
This means that an attacker can send a long series of silent "pings" to a target of whom they only know the phone number or username without it being noticed. The Signal infrastructure at least has a built-in limit of one message every two seconds, while the Austrians were unable to identify any rate limiting in WhatsApp. This enables close monitoring over long periods of time.
This makes it possible to remotely determine how many end devices a victim is using their WhatsApp or Signal account on, with which types of devices and operating systems, at what times and in which operating status they are currently in. This includes the transmission method and possibly their location. This enables digital stalking as well as the selection of malware for a targeted attack via a different channel; the information can also help to carry out a physical attack precisely when the target device is unlocked, which helps security agencies and intelligence services in particular.
The research group led by Gegenhuber and Günther from the University of Vienna and SBA Research also discovered that a flood of deliberately incorrectly formatted messages can drain the target device's battery and use up its data quota. This reveals a disadvantage of end-to-end encryption: the server cannot recognize the incorrect formatting and therefore cannot filter out the message. The incorrect formatting is only recognized by the client, which then rightly rejects the message. By then, however, it has already been received and processed, which consumes power and generates a lot of data traffic [–] in the case of WhatsApp.
The researchers tested it with simple messages, with the processing of messages that had already been sent and with responses to received messages. With Signal, they were allowed a maximum size of 194 KByte, which allows up to 360 MByte per hour when using a single sending account. WhatsApp, on the other hand, allows 1,000 KByte per response, meaning that a single sender can foist 13 GByte of useless traffic on the victim in an hour without them noticing. This drains the battery and often the phone bill. By using several senders, correspondingly higher values could be achieved.
Operators do not comment
In early September 2024, the researchers informed WhatsApp operator Meta Platforms and the Signal Foundation. There was apparently no official response. Whatsapp introduced an additional setting option in October that is intended to block messages from unknown senders if a "certain volume" is exceeded. This does not help against attacks by
senders known to the victim.
A remedy would be advisable, as the method could potentially be used for more serious attacks. However, the individual end user can do little to equip themselves. The programmers Metas and Signals are in demand. "Since the server cannot check the content of end-to-end encrypted messages, client-side validation is all the more important," Gabriel Gegenhuber explained to heise security, "We have only triggered delivery confirmations, but since the sender has full control over the design of the messages, the method could also be exploited for more serious attacks, for example in the direction of buffer overflow for the purpose of executing malicious code. An improvement would be, for example, if WhatsApp and Signal did not send delivery confirmations to senders of incorrectly formatted messages."
Details of the research methods and results can be found in the paper Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers.
arXiv.org
Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers
With over 3 billion users globally, mobile instant messaging apps have become indispensable for both personal and professional communication. Besid...
On Sunday at DEFCON 2025, Gegenhuber and Günter also showed how they can downgrade encryption in WhatsApp. heise security will report.
Gegenhuber was also a member of the team that caught ZTE always using the same keys for Voice over Wifi.
Source:
Security
What WhatsApp and Signal reveal, despite encryption
Signal is famous for good end-to-end encryption, WhatsApp is following suit. At DEFCON, two Austrians show what the messengers reveal nonetheless.
None of these issues comes with Threema = most secure messenger for your Smartphone!
