How an attacker can downgrade WhatsApp encryption


Through continuous requests to the WhatsApp server, attackers can briefly lower the encryption for a specific victim by one level, or make that victim unreachable for everyone (denial of service). The information gathered about the target person along the way is probably the more valuable part. At the IT security conference DEF CON 2025, the Austrian security researchers Gabriel Gegenhuber and Maximilian Günther from the University of Vienna presented their findings on Sunday (local time).

The focus was on a security property called Perfect Forward Secrecy (PFS). In addition to the longer-lived key pairs of the conversation partners, a separate key pair is generated for each message. This is meant to prevent other messages from being deciphered with a single compromised key. However, it also means that a key must be negotiated each time.

With asynchronous communication, as is typical for WhatsApp and Signal, the participants are not necessarily online at the same time; in that case, direct negotiation of a key pair fails. The Signal protocol, on which WhatsApp is also based in a variant, solves this problem by uploading one-time keys to the server in advance. There they can be fetched by third parties at any time. Messages are then encrypted three times: with the static identity key pair, with the periodically rotated, signed proposed pair (prekey), and with the PFS key pair. Only someone who cracks all three keys can decipher an intercepted message.

The attack shown by the Austrians causes the one-time key to be omitted for all WhatsApp messages of a session, from the first message up to and including the first reply. These messages then lack PFS, but the participants in a WhatsApp conversation receive no indication of it. The attacker "only" has to crack the other two keys. The lowering of the security level is therefore moderate.

The theoretical possibility is already mentioned in the comments on the Signal protocol and was first demonstrated in practice by the Austrians. But that is not the end of the story.

The method is surprisingly simple: the attacker uses an alternative WhatsApp client and needs to know the telephone number of the target account. He repeatedly requests new PFS keys from the server. If the target account's end device does not upload new keys quickly enough, which certain devices in particular seem to struggle with, the stock is soon exhausted. WhatsApp apparently has no rate limiting for such key requests. In the tests by the researchers from the University of Vienna and SBA Research, it took only 40 seconds to two minutes even while waiting for each individual server response. With parallel requests from several end devices, it is done in as little as ten seconds.
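To make the mechanism concrete, here is an added toy model (not WhatsApp's or Signal's code; class, function and key names are invented and no real cryptography is performed) of a prekey server: each bundle fetch consumes one one-time prekey, an empty pool yields a bundle carrying only the signed prekey (the downgraded state), and a per-requester fetch budget illustrates the kind of rate limiting the researchers found missing.

```python
"""Toy model of one-time-prekey exhaustion and a fetch budget as mitigation.
Constructed illustration only: no network, no cryptography, invented names."""
from collections import defaultdict, deque


class PrekeyServer:
    def __init__(self, fetch_budget=None):
        # Per user: one signed prekey plus a pool of one-time prekeys (OPKs).
        self.signed_prekey = {}
        self.opks = defaultdict(deque)
        # Mitigation knob: max bundle fetches per (requester, target) pair.
        # Assumption for the toy: a fixed window with no reset.
        self.fetch_budget = fetch_budget
        self.fetch_count = defaultdict(int)

    def upload(self, user, signed_prekey, one_time_prekeys):
        """The user's own device publishes (or refills) its keys."""
        self.signed_prekey[user] = signed_prekey
        self.opks[user].extend(one_time_prekeys)

    def fetch_bundle(self, requester, target):
        """Bundle a sender uses to encrypt its first message to `target`.

        Each fetch pops one OPK. Once the pool is empty, the bundle holds
        only the signed prekey, which is the PFS downgrade described above.
        Returns None when the requester exceeded its fetch budget.
        """
        pair = (requester, target)
        if self.fetch_budget is not None and self.fetch_count[pair] >= self.fetch_budget:
            return None
        self.fetch_count[pair] += 1
        pool = self.opks[target]
        opk = pool.popleft() if pool else None
        return {"signed_prekey": self.signed_prekey[target], "one_time_prekey": opk}

    def pool_depleted(self, user):
        """Server-side check a monitoring job could alert on."""
        return len(self.opks[user]) == 0


def fetches_until_downgrade(server, requester, target, max_attempts):
    """Number of fetches until a bundle lacks an OPK; None if the budget
    stops the requester first or the pool never runs dry."""
    for n in range(1, max_attempts + 1):
        bundle = server.fetch_bundle(requester, target)
        if bundle is None:
            return None
        if bundle["one_time_prekey"] is None:
            return n
    return None
```

Note that the budget here is keyed per requester, so the parallel-device variant the article mentions calls for an additional per-target ceiling on unanswered fetches.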

In addition, the initial values of the three retrievable key types differ depending on the operating system of the target client. This may help in selecting malware for a targeted attack over another channel.

A surprising amount can be derived from the way new one-time keys appear on the server. The simplest case: no new keys appear at all. Then the respective end device is, in all likelihood, not online.

If new keys do appear, the speed of the "reloading" can be correlated with the end device model (fingerprinting). In the researchers' tests, for example, key creation on a Samsung Galaxy A54 with the screen on and an LTE data connection succeeded much less reliably; on iPhones, on the other hand, it succeeded almost always (iPhone SE 93%, iPhone 8 88%, iPhone 11 80%). Standby or a WLAN connection tends to slow down reloading.

A POCO X3 on an LTE mobile connection with the screen active replenished its keys quickly, so that only 17 percent of the requests succeeded. In standby mode on WLAN, by contrast, 76 percent were successful. (On this point, the PFS downgrade attack resembles the attack on WhatsApp and Signal via covert delivery confirmations that the two Austrians also presented at DEF CON 2025, where device fingerprinting is likewise possible.)
