Side-channel via delivery receipt timing on Signal and WhatsApp (Careless Whisper research)

Following up on the Careless Whisper research from University of Vienna / SBA Research (published late 2024, proof-of-concept public as of December 2025): Protocol-level vulnerability: Both Signal and WhatsApp use the Signal Protocol for E2EE, which is cryptographically sound. Both platforms, however, emit unencrypted delivery receipts—protocol-level acknowledgements of message delivery. The research demonstrates a side-channel where RTT characteristics of delivery receipts leak recipient behavioural patterns. This is not a cryptographic issue. This is an information-leakage issue where an auxiliary channel (delivery receipt timing) reveals what the primary channel (encrypted messages) is supposed to conceal: who’s communicating, when, and from where. Attack surface: Delivery receipts are unencrypted, per-message acknowledgements RTT measurements (even with jitter) remain correlated with device state Repeated probing builds statistical fingerprints of behavioural patterns Victims experience no notifications or evidence of probing Platform architectures: Signal: Sealed sender + metadata encryption makes this harder but not impossible. Server doesn’t know sender identity, but receipt timing still correlates with recipient availability. WhatsApp: Server-side metadata handling more permissive. Receipt timing correlates with both sender and recipient state. Signal’s architecture mitigates this better but doesn’t eliminate it. WhatsApp’s architecture provides less protection. Current mitigation status: Rate limiting: Signal implemented (Dec 2025), WhatsApp has not Protocol fixes: Neither platform has implemented substantive changes User-level controls: Disabling receipts helps, but attacks work at lower frequencies Why this matters for protocol design: This is a good case study in why you can’t evaluate messaging security through encryption alone. You need to think about: What metadata signals does the system emit? Can those signals be correlated to reveal patterns? What does the threat model assume about these signals? For detailed technical analysis, research citations, mitigation strategies, and threat model implications. submitted by /u/Unicorn_Pie [link] [comments]Technical Information Security Content & DiscussionRead More