More from the article ...
... The new user activity tracking method exploits how WhatsApp or Signal messaging protocols work at the fundamental level -- it abuses delivery receipts to calculate the signal round-trip time (RTT).
Apparently, anyone can ping your device, the app will respond, and the RTT will vary wildly depending on what the phone is doing and whether it is using WiFi or mobile data.
Security researchers first described this vulnerability, dubbed "Silent Whisper," in a paper released last year.
"An adversary can craft stealthy messages that enable probing a target at high frequency (up to sub-second granularity) while not causing any notification at the target side and also in the absence of an ongoing conversation," warned researchers from Gegenhuber et al., University of Vienna & SBA Research.
However, now one cybersecurity researcher, operating under the alias "gommzystudio" on GitHub, has released a proof-of-concept tool that demonstrates how easy it is to track sensitive user activity.
"A phone number can reveal whether a device is active, in standby, or offline (and more)," the developer writes.
However, now one cybersecurity researcher, operating under the alias "gommzystudio" on GitHub, has released a proof-of-concept tool that demonstrates how easy it is to track sensitive user activity.
"A phone number can reveal whether a device is active, in standby, or offline (and more)," the developer writes. ...