Following up on my post from two days ago about the WhatsApp/Signal side-channel: I’ve done some more testing since then — and honestly, I’m pretty happy about all the interesting comments you guys left, so here’s a small update. It looks like this issue has been sitting unpatched for well over a year now. WhatsApp and Signal were both informed back in the original 2024 paper, but nothing has changed at the protocol level. Same behavior, same leakage. Some folks here brushed it off as “it’s just a ping.” Yeah — it is basically just a ping. And that’s exactly why it’s concerning. A silent RTT side-channel is enough to extract way more behavioral info than you’d expect. In my additional tests I was able to spam probes at roughly 50 ms intervals without the target seeing anything at all — no popup, no notification, no message, nothing visible in the UI. Meanwhile, the device starts draining battery much faster and mobile data usage shoots up significantly. The victim still can’t detect any of this unless they physically connect the iPhone to a computer and dig through. So call it tracking, profiling, fingerprinting — whatever. It’s definitely more than “online/offline.” Also: since the repo suddenly got way more attention than expected, I went ahead and cleaned it up + patched all npm dependencies with known vulnerabilities. Should be safe to test now. Repo (research/educational only): https://github.com/gommzystudio/device-activity-tracker Orignal Post: https://www.reddit.com/r/cybersecurity/comments/1pgmvtk/how_almost_any_phone_number_can_be_tracked_via/   submitted by   /u/Economy-Treat-768 [link]   [comments]