The statement 'In a replay attack, the attacker cannot read the contents of the replayed message' is true.

In a replay attack, the attacker’s goal is to repeat a previously valid message to induce the system to perform the same action again. The attacker does not need to understand or read what the message says; they’re just resending what was observed. If the message is protected with encryption and integrity checks, the attacker cannot extract the plaintext from the captured data, so they cannot read the contents of the replayed message. The effectiveness of the attack comes from the reuse of a valid transmission, not from gaining access to the message’s content. That’s why, in typical secure communications that use encryption and freshness mechanisms (like nonces or timestamps), the statement is true. Of course, if the channel isn’t protected or the attacker has decryption access, reading the content could be possible, but that scenario falls outside the usual replay-attack setup assumed here.