
Gabriel Gegenhuber @ DEF CON 33

On 10 August, Gabriel Gegenhuber, researcher at SBA Research and the University of Vienna, and Maximilian Günther, researcher at the University of Vienna, gave a talk titled “Silent Signals: Exploiting Security and Privacy Side-Channels in End-to-End Encrypted Messengers” at DEF CON 33.

The talk set out from the observation that, with billions of users worldwide, mobile messaging apps such as WhatsApp and Signal have become critical for personal and professional communication. While these platforms promise security and privacy, the research uncovered two significant vulnerabilities that expose users to stealthy tracking and security degradation.

First, they revealed how delivery receipts – commonly used to confirm message delivery – can be exploited to track a user’s online status, screen activity, and device usage without their knowledge. This technique enables passive surveillance, draining a target’s battery and data allowance while remaining entirely invisible to them.

Second, they demonstrated a novel attack on WhatsApp’s implementation of the Signal Protocol, specifically targeting its Perfect Forward Secrecy (PFS) mechanism. By depleting a victim’s stash of ephemeral encryption keys, an attacker can weaken message security, disrupt communication, and exploit flaws in the prekey refilling process.

Both attacks require nothing more than the victim’s phone number and leverage fundamental design choices in these widely used platforms.

This talk provided an in-depth analysis of these vulnerabilities, their implications, and potential mitigations – challenging the security assumptions of modern encrypted messaging.

Co-authored by Maximilian Günther, Markus Maier, Aljosha Judmayer, Florian Holzbauer, Philipp É. Frenzel, and Johanna Ullrich.

Supporting young research talents

Our work thrives on collaboration with emerging experts. Maximilian Günther, co-author of two recent scientific papers and of the DEF CON talk, is a great example. His bachelor’s thesis and project work (supervised by Gabriel Gegenhuber) became integral parts of the research output. This is a perfect example of research-oriented university education and of how fostering young talents can lead to internationally recognized results.

Links

Research Papers:
Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers
Prekey Pogo: Investigating Security and Privacy Issues in WhatsApp’s Handshake Mechanism

Presentation
ERIS Research Group