ATTAA: Active Text Traffic Analysis Attacks on Secure Messaging Applications

Popular Secure Instant Messaging (SIM) applications like Telegram and WhatsApp have deployed state-of-the-art encryption schemes in recent years to protect the security of user communications. However, SIM applications are still not completely secure. Governments can surveil and censor users who participate in groups on sensitive topics based on the leaked information of their SIM clients. In this paper, we find two types of padding flaws in SIM applications where the padding length is not long enough, thereby exposing users' encrypted traffic characteristics. Furthermore, we first present an Active Text Traffic Analysis Attack (ATTAA) that enables the adversary to obtain sensitive information about target users' clients by merely monitoring their encrypted SIM traffic. Specifically, the adversary can quickly identify the participants of target SIM groups with high accuracy. Our study demonstrates a significant, real-world threat to SIM users due to increasing government regulation on social media. We demonstrate the practicality of our ATTAA through extensive experiments on real-world SIM communications. Although SIM applications have various restrictions on message sending, our results show that only ten text messages in 10 seconds are enough to successfully attack Telegram and WhatsApp with an accuracy of 99.94% and 98.66%, and a false positive rate of 4.3 x 10(-3) and 1.5 x 10(-4).