Exploiting Security Side Channels in E2E Encrypted Messengers

Name: Exploiting Security Side Channels in E2E Encrypted Messengers
Description: End-to-end encryption (E2EE) is the centerpiece of modern secure messaging. Signal, WhatsApp, and similar applications are built on the premise that even the platform operator cannot read user message

Gabriel Gegenhuber, Maximilian Günther

DEF CON 33 · Day 2 · Main Stage

End-to-end encryption (E2EE) is the centerpiece of modern secure messaging. Signal, WhatsApp, and similar applications are built on the premise that even the platform operator cannot read user message

AI review

Gabriel Gegenhuber and Maximilian Günther present a systematic taxonomy of side channels in WhatsApp and Signal that reveal user presence, behavioral schedules, device count, device type, and social graph structure — without breaking the E2EE encryption or requiring any relationship with the target. The only prerequisite is the target's phone number. Attacks include presence probing at scale, fan-out delivery timing analysis for device fingerprinting, identity correlation across platforms, and group membership inference.

Watch on YouTube