Abstract: WhatsApp, the world’s largest messaging application, uses a
version of the Signal protocol to provide end-to-end encryption (E2EE) with strong security guarantees, including Perfect
Forward Secrecy (PFS). To ensure PFS right from the start of
a new conversation –even when the recipient is offline– a stash
of ephemeral (one-time) prekeys must be stored on a server.
While the critical role of these one-time prekeys in achieving
PFS has been outlined in the Signal specification, we are the
first to demonstrate a targeted depletion attack against them
on individual WhatsApp user devices. Our findings not only
reveal an attack that can degrade PFS for certain messages,
but also expose inherent privacy risks and serious availability implications arising from the refilling and distribution
procedure essential for this security mechanism.