- Attackers can silently tap phones using only the victim’s phone number.
- Polling significantly increases battery consumption when using continuous receipts
- Continuous monitoring consumes mobile data and affects heavy applications
Security researchers have uncovered a tracking technique called “Silent Whisper” that exploits how popular messaging apps handle delivery confirmations.
The method targets WhatsApp and Signal by exploiting low-level messages that are automatically exchanged when an app processes incoming network traffic.
If an attacker only knows a phone number, he can authenticate a device multiple times without sending visible messages or triggering notifications.
Impact on battery life and data usage
Silent Whisper runs under the interface, so it is unlikely to be detected during normal phone use.
Tests done on various smartphones showed unusually high battery consumption during research tasks.
Under normal conditions, phones typically lose less than 1% battery per hour when not in use.
During testing, an iPhone 13 Pro dropped 14% per hour, an iPhone 11 dropped 18% per hour, and a Samsung Galaxy S23 dropped 15% per hour.
Applying the same approach to Signal resulted in only 1% battery loss per hour due to stricter rate limiting.
Continuous polling also consumes cellular data and interrupts bandwidth-intensive applications such as video calls.
The traceability method is based on measuring delivery document execution times.
These response times vary depending on whether your phone is active, inactive, offline, connected to Wi-Fi or using cellular data.
Fast, steady responses may indicate a device is being actively used in the home, while slower or inconsistent times may indicate movement or a weaker connection.
Over longer periods of time, these patterns can reveal daily routines, sleep patterns, and travel behavior without having to access message content or contact lists.
Although the vulnerability has already been described in academic research, a widely available proof-of-concept tool has demonstrated its viability.
The instrument allows probing at intervals as short as 50 ms, allowing detailed observation without alerting the target.
The developer warns against abuse and emphasizes search intent, but the software remains available to everyone.
This raises concerns about widespread exploitation, especially since the vulnerability will remain exploitable until December 2025.
Disabling read receipts reduces exposure to standard messages, but does not block this technology completely.
WhatsApp offers an option to block large messages from unknown accounts, although the platform does not specify any thresholds for compliance.
Signal offers additional checks, but researchers confirmed that the investigation is still possible.
Traditional antivirus software does not detect abuse at the protocol level.
Services marketed as identity theft protection or malware removal are of limited value unless malware is installed on the device.
This risk has less to do with data theft and more to do with constant monitoring of behaviors that users cannot easily observe or verify.
IN cyber news
