WhatsApp & Signal Security Flaw: Hackers Secretly Tracking Users

by priyanka.patel tech editor

“Silent Whisper” Technique Allows Phone Tracking Via Messaging App Vulnerability

A newly disclosed tracking method, dubbed “Silent Whisper,” allows attackers to monitor phones silently using only a victim’s phone number, raising significant privacy concerns for users of popular messaging apps like WhatsApp and Signal. The technique exploits vulnerabilities in how these apps handle delivery acknowledgments, enabling continuous tracking without sending visible messages or triggering notifications.

Security researchers have revealed that this method relies on abusing low-level message receipts automatically exchanged when an app processes network traffic. By repeatedly probing a device, an attacker can gather data on a user’s activity and location without their knowledge.

Battery Drain and Data Consumption as Indicators

The “Silent Whisper” technique isn’t subtle. Testing revealed a significant impact on device performance. Under normal conditions, an idle phone typically loses less than 1% of battery life per hour. However, during testing, an iPhone 13 Pro experienced a 14% hourly drain, an iPhone 11 lost 18%, and a Samsung Galaxy S23 saw a 15% reduction in battery life while being probed.

“The unusually high battery consumption during probing activity is a key indicator of potential exploitation,” one analyst noted.

Beyond battery life, continuous probing also consumes mobile data and can disrupt bandwidth-heavy applications like video calls. The method works by measuring round-trip times for delivery receipts, with stable and fast responses suggesting a device is actively used, while slower or inconsistent timings may indicate movement or weaker connectivity.

Revealing Daily Routines Without Accessing Content

Over extended periods, these patterns can reveal sensitive information about a user’s daily routines, sleep schedules, and travel behavior – all without accessing message content or contact lists. While academic research previously described this vulnerability, the recent release of a publicly available proof-of-concept tool has demonstrated its practicality.

The tool allows for probes at intervals as short as 50 milliseconds, enabling detailed observation without alerting the target. Although the developer has warned against misuse and emphasized research intent, the software remains accessible, raising concerns about potential widespread abuse. Researchers estimate the vulnerability will remain exploitable through at least December 2025.

Limited Mitigation Options

Currently, available mitigation options are limited. Disabling read receipts reduces exposure for standard messages, but does not fully block the technique. WhatsApp offers a feature to block high-volume messages from unknown accounts, but does not specify enforcement thresholds. Signal provides additional controls, yet researchers confirm probing remains possible.

“Traditional antivirus software does not detect this type of protocol-level misuse,” a senior official stated. “Services marketed for identity theft protection or malware removal offer limited value in this scenario, as no malware is actually installed on the device.”

The core risk isn’t data theft, but rather persistent behavioral monitoring that users are unable to easily observe or verify. This represents a new frontier in mobile privacy threats, demanding increased awareness and proactive security measures.

.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. You can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp.

Leave a Comment