Best Paper Award at RAID 2025
Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers (26.11.2025)
Funding year 2024 / Scholarship Call #19 / Project ID: 7308 / Project: Active Measurements in Cellular Networks

Our work, "Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers", was honored with the Best Paper Award at RAID 2025 (the 28th International Symposium on Research in Attacks, Intrusions and Defenses, held in Australia), recognizing it as the top contribution among all 281 submissions.

Persistence Pays Off

Getting an award like this is always a wonderful surprise, but I genuinely didn’t expect it this time. When I finished the paper in August 2024, I felt excited about it and believed strongly in the idea. But it quickly turned into a difficult child. The paper was rejected three times (sometimes with pretty harsh criticism), and by the time I submitted it to RAID, I definitely had my doubts. Honestly, I celebrated the acceptance itself as if it were already an award. So being selected as the best paper of the entire conference was an incredible and unexpected moment. It was a reminder that persistence really does pay off, and that sometimes it’s worth trusting your instincts and giving your work another chance before diving into major rewrites.

Careless Whisper: How Silent Delivery Receipts Expose Users on WhatsApp and Signal

In the paper, we uncover a surprisingly powerful privacy weakness in two of the world’s most widely used messaging apps: WhatsApp and Signal. While both rely on end-to-end encryption (E2EE) to protect message content, we show that their delivery receipts (the small checkmarks confirming that a message has arrived) can be abused to monitor users without triggering any notification on their devices.

The Hidden Problem: Silent Probing

Delivery receipts cannot be turned off because they are essential for managing the control flow and the underlying encryption. What we found, however, is that both apps also send these receipts for certain "silent messages", such as reactions to messages that never existed. These invisible events allow an attacker to repeatedly "ping" a user's device.

By measuring how long the delivery receipts take to return, an attacker can infer remarkably detailed information. This works even if the attacker has never communicated with the victim before; knowing the phone number is enough.

What Timing Alone Reveals

Even though message content remains protected, the timing side channel leaks clear patterns of device activity. For example:

  • Online and offline status and usage patterns of the smartphone and of secondary companion devices, which allow deducing a person's daily schedule

  • Screen-on and screen-off states, which show different timing signatures

  • Switching between Wi-Fi and LTE, or being in a phone call, which leaves identifiable traces

Across iPhones, Android devices, and desktop or web clients, we were able to reconstruct daily behavior with surprising accuracy. In some cases, we could even detect whether a browser tab containing WhatsApp Web was currently active or pushed into the background.

Multi-Device Amplification

Modern messengers increasingly support multiple linked devices such as phones, laptops, and web sessions. Each device sends its own delivery receipts. As a result, an attacker can track all of a user’s devices independently, revealing:

  • how many devices the person owns

  • what operating systems they use

  • when each device comes online or goes offline

In a real-world test, we followed a volunteer as they left home, walked to the office, made a call, switched networks, and opened their laptop, entirely through delivery receipt timing and without causing any notification on their side.

From Privacy Leak to Attack Surface

The same mechanism also enables resource exhaustion. WhatsApp accepted reaction payloads of up to 1 MB, allowing attackers to invisibly consume gigabytes of data or drain 15 to 18 percent of a phone’s battery per hour. Because nothing appears in the app, victims have no indication that anything is happening.

Why This Matters

Our findings show that even privacy-focused E2EE apps can unintentionally leak sensitive information through surrounding protocol behavior. Since users currently have no way to block or detect these attacks, server-side fixes and protocol changes are essential.
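The post states that a server-side fix is the only practical mitigation, and that two properties of the silent events make the attack work: they are accepted in unlimited numbers and (on WhatsApp) with payloads of up to 1 MB. The following is an added illustration, not code from the paper, WhatsApp or Signal, of a hypothetical server-side policy that addresses both without inspecting encrypted content: it drops oversized silent events and applies a sliding-window rate limit per recipient. The limits (4 KB, 10 events per 60 s) and the `SilentEventPolicy` / `simulate_probe_burst` names are assumptions chosen for the example; the page gives no such values.

```python
"""Hypothetical server-side policy for receipt-generating "silent" events.

Added example for this post; not code from the paper or from any messenger.
It models two mitigations motivated by the findings above: a cap on the
payload size of silent events (reactions and the like) and a sliding-window
rate limit per recipient. Both can be enforced on routing metadata alone,
so they work even when the server cannot read the E2EE payload.
"""
from collections import Counter, deque
from dataclasses import dataclass, field

# Assumed limits, not values from the page. The page only reports that
# WhatsApp accepted reaction payloads of up to 1 MB.
MAX_SILENT_PAYLOAD_BYTES = 4096
WINDOW_SECONDS = 60.0
MAX_SILENT_EVENTS_PER_WINDOW = 10


@dataclass
class SilentEventPolicy:
    """Decides whether a silent event is forwarded to a recipient's devices.

    Keyed by recipient rather than sender because a sealed-sender style design
    hides the sender from the server; the recipient is always known for routing.
    """
    window_seconds: float = WINDOW_SECONDS
    max_events: int = MAX_SILENT_EVENTS_PER_WINDOW
    max_bytes: int = MAX_SILENT_PAYLOAD_BYTES
    # per recipient: timestamps of silent events forwarded inside the window
    _recent: dict = field(default_factory=dict)

    def decide(self, recipient: str, payload_len: int, now: float) -> str:
        """Return "forward", "drop:oversized" or "drop:rate_limited"."""
        # Oversized events are dropped before they consume any quota, so an
        # attacker cannot use them to push gigabytes to the victim's device.
        if payload_len > self.max_bytes:
            return "drop:oversized"
        window = self._recent.setdefault(recipient, deque())
        # Expire timestamps that fell out of the sliding window.
        while window and now - window[0] > self.window_seconds:
            window.popleft()
        if len(window) >= self.max_events:
            # Dropping the event means no delivery receipt is generated, so the
            # probe yields no timing measurement of the recipient's device.
            return "drop:rate_limited"
        window.append(now)
        return "forward"


def simulate_probe_burst(policy: SilentEventPolicy, recipient: str = "victim",
                         count: int = 30, interval: float = 1.0) -> dict:
    """Constructed sample: one small silent event per second for `count` seconds.

    Returns a count of policy outcomes, e.g. {"forward": 10, "drop:rate_limited": 20}.
    """
    outcomes = [policy.decide(recipient, 64, i * interval) for i in range(count)]
    return dict(Counter(outcomes))


if __name__ == "__main__":
    policy = SilentEventPolicy()
    print("1 MB reaction:", policy.decide("victim", 1_000_000, 0.0))
    print("30 probes in 30 s:", simulate_probe_burst(policy))
```

With the assumed limits, a one-per-second probe burst gets its first ten events forwarded and the remaining twenty dropped, and a 1 MB reaction is rejected outright. A real deployment would tune the window so that legitimate reaction bursts in a group chat still pass, and would apply the same accounting to every event type that elicits a receipt, not only reactions.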

Small pieces of metadata can reveal far more than people expect, especially when they are delivered silently.

If you're interested in reading the full paper, you can find it on arXiv.

Finally, I also want to thank my amazing co-authors who helped to make this work possible.

The happy authors of "Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers" presenting the award (a framed certificate and an Australian glass sculpture) they received for their paper.
