New Tool Enables Messaging App Monitoring via Phone Numbers

Understanding the Silent Whisper Tracking Technique

A new tracking method known as "Silent Whisper" has been uncovered by security researchers, revealing a potential vulnerability in popular messaging apps like WhatsApp and Signal. This technique exploits how these apps handle delivery acknowledgments, allowing attackers to monitor devices without sending any visible messages or triggering notifications.

The method works by leveraging low-level message receipts that are automatically exchanged when an app processes incoming network traffic. By knowing only a phone number, an attacker can repeatedly probe a device, making it difficult for users to detect any unusual activity.

Impact on Battery Life and Data Usage

One of the most concerning aspects of Silent Whisper is its impact on battery life and mobile data usage. During testing, smartphones showed unusually high battery consumption when under continuous probing. For example:

• An iPhone 13 Pro lost 14% of its battery per hour.
• An iPhone 11 lost 18% per hour.
• A Samsung Galaxy S23 lost 15% per hour.

In contrast, applying the same approach to Signal resulted in only a 1% battery loss per hour due to stricter rate limiting. This difference highlights the varying levels of security measures implemented by different messaging platforms.

Continuous probing also consumes mobile data and disrupts bandwidth-heavy applications such as video calls. The tracking method relies on measuring round-trip times for delivery receipts, which can provide insights into a user's behavior based on response times.

Behavioral Monitoring Without Accessing Content

Stable and fast responses can suggest that a device is actively used at home, while slower or inconsistent timings may indicate movement or weaker connectivity. Over extended periods, these patterns can reveal daily routines, sleep schedules, and travel behavior without accessing message content or contact lists.

Although academic research described the vulnerability previously, a publicly available proof-of-concept tool has now demonstrated its practicality. The tool allows probes at intervals as short as 50ms, enabling detailed observation without alerting the target. While the developer warns against misuse and emphasizes research intent, the software remains accessible to anyone.

This raises concerns about widespread abuse, especially since the vulnerability remains exploitable as of December 2025.

Mitigation Strategies and Limitations

Disabling read receipts reduces exposure for standard messages but does not fully block this technique. WhatsApp offers an option to block high-volume messages from unknown accounts, although the platform does not define enforcement thresholds. Signal provides additional controls, yet researchers confirmed that probing remains possible.

Traditional antivirus software does not detect protocol-level misuse. Services marketed for identity theft protection or malware removal offer limited value when no malware is installed on the device. This risk is less about data theft and more about persistent behavioral monitoring that users cannot easily observe or verify.

Conclusion

The discovery of Silent Whisper underscores the importance of staying informed about emerging threats and taking proactive steps to protect personal information. As technology continues to evolve, so do the methods used by malicious actors. Users should remain vigilant and consider implementing additional security measures to safeguard their devices and data.