A rising security concern is drawing attention across the cybersecurity community after a researcher published a tool that can covertly monitor the activity patterns of WhatsApp and Signal users worldwide. The method builds on a protocol level weakness that allows attackers to probe more than three billion devices without triggering any visible notification.
Early tests show the technique can reveal when users are awake, asleep, traveling, or offline. It can also force devices to consume excessive battery power and mobile data, all without the victim’s awareness. With both messaging platforms affected and no complete fix available, individual users and organizations are reassessing their risk exposure.
What Sparked the Concern
The issue originates from "Silent Whisper", a research finding that documented how delivery receipts in encrypted messaging apps respond automatically at a very low level. A developer known as “gommzystudio” expanded on this work and released a proof-of-concept tool demonstrating how attackers can send high frequency probes to any phone number.
These probes never appear in the victim’s interface, yet the timing of the responses reveals detailed information about the device’s current state. Differences in response time vary depending on network connection, screen activity, motion, and device behavior, which allows attackers to build a profile of the user’s daily routine.
Early Indicators and Observations
Security teams analyzing the tool have reported several notable trends:
- The technique works on both WhatsApp and Signal although Signal applies more limitations.
- High frequency probing can significantly accelerate battery consumption beyond normal idle levels.
- Timing patterns can expose whether the device is on WiFi or mobile data and may even hint at regional network characteristics.
- Victims receive no alerts, making the activity extremely difficult to detect without forensic tools.
- The number of forks and stars on the public repository suggests growing interest from researchers and potentially from malicious actors.
These observations indicate that the larger threat is not message interception but the ability to collect behavioral intelligence at scale.
How the Vulnerability Fits Into Larger Threat Trends
This situation reflects a broader shift in attacker strategies. Instead of focusing on message content, threat actors are increasingly trying to exploit the metadata and background behavior of communication platforms. In this case, delivery receipts create a side channel that reveals far more than developers intended.
The release of a user-friendly proof of concept magnifies the issue by making advanced research accessible to anyone. Battery drain and higher data usage add another layer of concern. During controlled experiments, some phones lost more than 14 percent battery per hour and saw significant spikes in data consumption. Users with limited data plans could experience unexpected costs or degraded service as a result.
Potential Impact on Users and Organizations
For everyday users, the primary danger lies in the ability to map habits over time. Sleep patterns, home routines, periods of inactivity, and travel behavior can all be inferred with enough probes. This type of information can be useful to stalkers, scammers, and social engineers.
Organizations may face broader implications. Patterns in employee activity, movement, or availability could expose operational details or introduce compliance concerns in regulated industries. Because the vulnerability is rooted in protocol behavior, mitigation is limited and varies by platform.
Key Points
- A publicly released tool enables high frequency tracking of WhatsApp and Signal users.
- Attackers leverage delivery receipt timing to infer behavior without sending visible messages.
- High volume probes can drain batteries and consume significant mobile data.
- Timing patterns can indicate network type, movement, and even approximate location characteristics.
- WhatsApp currently lacks strong rate limiting while Signal provides more restrictions but is still affected.
- No complete fix is available as of December 2025.
What Users Can Do Now
Both messaging platforms offer settings that can reduce exposure. On WhatsApp, enabling Block unknown account messages in Privacy followed by Advanced may limit how many probes can be sent from unfamiliar numbers. Signal allows users to turn off delivery receipts and typing indicators to reduce metadata emissions.
Security experts also encourage users to restrict visibility settings such as online status, last seen information, and read receipts across all messaging services.
Stay Ahead of Emerging Threats
At Skyriver IT, we help organizations stay resilient against emerging threats by providing proactive security monitoring, infrastructure hardening, and expert guidance tailored to modern attack techniques. Whether you are concerned about mobile platform exposures, messaging app vulnerabilities, or broader cybersecurity risks, our team can help you identify weak points and build stronger defenses.
