Table of Contents
A recent discovery highlights an insidious vulnerability affecting billions of WhatsApp users worldwide. Behind the comfort of end-to-end encryption, a flaw allows digital spies to track your activities without your knowledge. Discover how this attack, ironically named “Careless Whisper,” could compromise your privacy and that of your smartphone.
The 3 key facts not to miss
WhatsApp, one of the most used messaging apps in the world, is at the center of controversy following the discovery of a major security flaw. This vulnerability allows malicious individuals to track users’ activities by exploiting a technical subtlety of the app’s protocol.
The flaw, revealed at the RAID 2025 conference, requires neither malware nor physical access to the phone. The attack relies on sending reactions to nonexistent messages, which triggers a response from the device. This response, although invisible to the user, allows deducing valuable information about the device’s activity.
In addition to compromising privacy, this flaw has notable repercussions on affected devices. Researchers found that a sustained attack can reduce battery life by nearly 18% in just one hour. Moreover, the invisible exchanges generated by this attack can consume several gigabytes of data.
This excessive resource consumption can lead to device overheating and increased costs related to mobile data usage.
The discovery of this flaw has elicited a disappointing response from major tech companies. Although Meta was alerted to this vulnerability in September 2024, no fix has yet been released. On its part, Signal, another messaging app renowned for its security, has also not taken steps to address this issue.
Users are therefore left to protect themselves, as simply disabling read receipts is not enough to solve the problem. The only truly effective solution, although impractical, would be to completely turn off one’s phone.
Meta, formerly Facebook, acquired WhatsApp in 2014, with the aim of enhancing communication privacy through end-to-end encryption. However, this recent vulnerability raises questions about the company’s commitment to user security. Although WhatsApp is often presented as a model of privacy, this flaw shows that there are still gaps to be filled to ensure complete protection of personal data.