Privacy Issues with WhatsApp E2EE in Multi-device Settings - Security Analysis

Explore a 24-minute conference talk from USENIX WOOT '24 that delves into critical privacy vulnerabilities discovered in WhatsApp's multi-device implementation. Learn about how the world's most popular instant messaging application inadvertently exposes users' device setup information to any other user, even those who are blocked or not in contacts. Understand how monitoring these information leaks enables potential attackers to gather intelligence about victims' device usage patterns, including device replacements, additions, and removals. Examine how the Signal protocol's Sesame architecture for multi-device functionality creates privacy issues that extend beyond WhatsApp to other instant messaging platforms, including privacy-focused applications like Signal Messenger. Discover how message recipients can link messages to specific sender devices, compromising user privacy in ways previously unknown.