Careless Whisper: WhatsApp and Signal can leak data from silent receipts
Found really interesting to share this from the GrapheneOS Discussion Forum.
Just saw this video (https://www.youtube.com/watch?v=B9Syj555RQc) from Daniel Boctor about a type of exploit that can be used to determine your phone model, whether the screen is locked, unlocked or the app is active, whether you're on Wi-Fi or cellular and much more just from sending malformed messages and analyzing the silent delivery receipts. All an attacker needs, is your phone number. Couple that with the recent WhatsApp leak (https://www.univie.ac.at/en/news/detail/forscherinnen-entdecken-grosse-sicherheitsluecke-in-whatsapp) (and we don't know if anyone else exploited it aside from the security researchers) and we have a pretty devastating situation with WhatsApp in particular.
The original source can be found here: https://arxiv.org/pdf/2411.11194
As of now, it seems a fix is not available and neither WhatsApp/Meta nor Signal/Signal Foundation have shown any interest in fixing it, which I find quite concerning. Just thought I would share this, so you can be aware. The video is also pretty good, so I suggest you watch that, even after reading the paper first.