New Tool Enables Phone Number-Based Messaging Monitoring

Understanding the Silent Whisper Tracking Technique

A newly discovered tracking method known as "Silent Whisper" has raised concerns among security experts. This technique exploits how messaging apps like WhatsApp and Signal handle delivery acknowledgments, allowing attackers to monitor a device without sending any visible messages or triggering notifications. The key aspect of this method is that it only requires a victim’s phone number to initiate the tracking process.

How Silent Whisper Works

Silent Whisper operates by abusing low-level message receipts that are automatically exchanged whenever an app processes incoming network traffic. Attackers can repeatedly probe a device using these receipts, making the activity difficult to detect during normal phone use. This method works below the user interface, which means users are unlikely to notice any unusual behavior.

The probing process involves measuring round-trip times for delivery receipts. These response times vary depending on whether a phone is active, idle, offline, connected to WiFi, or using mobile data. Stable and fast responses can suggest that a device is actively used at home, while slower or inconsistent timings may indicate movement or weaker connectivity.

Over extended periods, these patterns can reveal daily routines, sleep schedules, and travel behavior without accessing message content or contact lists. This form of monitoring is particularly concerning because it doesn’t require any malware installation or access to sensitive data.

Impact on Battery Life and Data Usage

Tests conducted on multiple smartphones have shown that the Silent Whisper technique significantly increases battery drain during continuous delivery receipt exploitation. Under normal conditions, idle phones typically lose less than 1% battery per hour. However, during testing, an iPhone 13 Pro lost 14% per hour, an iPhone 11 lost 18% per hour, and a Samsung Galaxy S23 lost 15% per hour.

Applying the same approach to Signal resulted in only 1% battery loss per hour due to stricter rate limiting. Continuous probing also consumes mobile data and disrupts bandwidth-heavy applications such as video calls.

Concerns and Mitigation Strategies

Although academic research described the vulnerability previously, a publicly available proof-of-concept tool has now demonstrated its practicality. The tool allows probes at intervals as short as 50ms, enabling detailed observation without alerting the target. The developer warns against misuse and emphasizes research intent, yet the software remains accessible to anyone.

This raises concerns about widespread abuse, especially since the vulnerability remains exploitable as of December 2025. Disabling read receipts reduces exposure for standard messages but does not fully block this technique. WhatsApp offers an option to block high-volume messages from unknown accounts, although the platform does not define enforcement thresholds.

Signal provides additional controls, yet researchers confirmed that probing remains possible. Traditional antivirus software does not detect protocol-level misuse. Services marketed for identity theft protection or malware removal offer limited value when no malware is installed on the device.

The Broader Implications

This risk is less about data theft and more about persistent behavioral monitoring that users cannot easily observe or verify. The ability to track a device's activity without any visible signs of intrusion poses a significant threat to privacy and security.

As awareness of this technique grows, users should remain vigilant and consider the potential risks associated with their messaging apps. While there are steps that can be taken to mitigate the impact of Silent Whisper, the underlying vulnerability highlights the need for continued research and development in securing communication platforms.