WhatsApp, the app used by over 3 billion people worldwide, had been suffering from a serious security flaw in its multi-device encryption protocol. This vulnerability allowed attackers to identify users' operating systems through leaked metadata, giving them an advantage in launching targeted and effective attacks on specific devices.
How Did Researchers Discover the Vulnerability?
The flaw was identified in the encrypted identifiers (such as Signed Pre-Key ID and One-Time Pre-Key ID) that differed between operating systems, like Android and iOS. For example, Android devices generated sequential values, while iOS followed a completely different pattern. This allowed attackers to identify the targeted system without any interaction with the victim.
Researcher Tal Be'ery first discovered this type of leak at the WOOT'24 conference in August 2024. Later, at WOOT'25, researcher Gabriel Karl Gegenhuber and his team demonstrated how this data could be chained to target specific devices with advanced attacks, like Advanced Persistent Threats (APT), with the potential to deploy tailored spyware for each system.
Partial Fix for the Vulnerability
Initially, Meta had downplayed the issue, but eventually, WhatsApp quietly deployed a partial fix for Android devices. They altered the way Signed Pre-Key ID was assigned, making it impossible for attackers to distinguish between operating systems. However, the vulnerability remains because One-Time Pre-Key ID is still susceptible to exploitation on iOS devices.
How Does the Vulnerability Still Pose a Threat?
Despite the partial fix, the vulnerability persists because of how One-Time Pre-Key ID is designed, which remains vulnerable on iOS. This allows advanced tools to still differentiate between iPhone and Android devices. As a result, researchers advise WhatsApp users to review the devices connected to their accounts and monitor any unusual activity.
The Importance of User Protection and Security Measures
Although WhatsApp provides end-to-end encryption and privacy protection, it's still crucial for users to stay informed about potential risks. Simple actions like reducing the number of devices connected to WhatsApp or regularly updating the app can significantly enhance personal security.
Conclusion:
Security vulnerabilities in widely used apps like WhatsApp serve as a reminder for users to protect their data and guard against cyber-attacks. While flaws are continuously discovered and patched, users need to remain aware of the latest security updates and take proactive measures to secure their personal information.