Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore critical security vulnerabilities in end-to-end encrypted messaging applications through this 41-minute DEF CON 33 conference talk. Discover how researchers uncovered two significant attack vectors that compromise user privacy and security in popular messaging platforms like WhatsApp and Signal, despite their billions of users and security promises. Learn about the first vulnerability involving delivery receipt exploitation, which enables attackers to conduct passive surveillance by tracking online status, screen activity, and device usage patterns while remaining completely invisible to victims and draining their battery and data resources. Examine the second attack targeting WhatsApp's Signal Protocol implementation, specifically focusing on how attackers can weaken Perfect Forward Secrecy mechanisms by depleting victims' ephemeral encryption key stashes, thereby compromising message security and disrupting communication through prekey refilling process exploitation. Understand how both attacks require only the victim's phone number and exploit fundamental design choices in these widely-adopted platforms. Gain insights into the detailed technical analysis of these vulnerabilities, their broader security implications for encrypted messaging systems, and potential mitigation strategies that challenge current security assumptions in modern encrypted communication platforms.
