SimplifiedPrivacy.com
npub14sl…t5d6
2025-01-21 20:19:39


!!! NEW Cloudflare Location Leak Vulnerability!!!!

Do you use Signal or Discord? Anyone who can get your app to load an image can learn your approximate (city-level) location?!!



A random attacker can abuse Cloudflare to find out which Cloudflare datacenter your device fetches images from. Because Cloudflare routes you to a datacenter near you, that narrows you down to a city or region. Even on Signal, the attacker learns roughly where you are (or, if you use a VPN, where your VPN exit is).

To do the Signal attack, they only need to send you an image, then check which Cloudflare datacenter holds a cached copy of it after your client downloads it. This shows the danger of Cloudflare's centralization, which I've bitched about 1000 times to deaf ears.

In response to this 15-year-old hacker making a fool of them, Cloudflare did make this attack more difficult, but they've yet to patch it fully. So it can be done at the time I'm writing this.

The kid figured out that it can be done by abusing caching. Caching means a copy of a file (such as an image) is kept at the local datacenter that served it, so repeat requests from nearby users don't have to go back to the origin. The copy only exists at datacenters that have actually served the file, and that is exactly what leaks: find the datacenter holding the copy and you've found the one nearest the victim.

To quote the kid,
"A few months ago, I had a lightbulb moment: if Cloudflare stores cached data so close to users, could this be exploited for deanonymization attacks on sites we don't control?"

Further,
"When your device sends a request for a resource that can be cached, Cloudflare retrieves the resource from its local datacenter storage, if available. Otherwise, it fetches the resource from the origin server, caches it locally, and then returns it."

So then he:
First, used Cloudflare WARP (Cloudflare's VPN client) to send his own requests through a chosen Cloudflare datacenter and read back whether that datacenter had the file cached, something Cloudflare normally doesn't let you pick.

Second, used Burp to intercept Signal's traffic, see which Signal CDN hosts (fronted by Cloudflare) attachments are served from, and control what gets sent to Signal.

Third, sent the image to the victim, then checked which Cloudflare datacenter had the image in its cache. That datacenter is the one nearest to wherever the victim downloaded or viewed it from.
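To make the three steps concrete, here is the analysis side of the attack as an added example. This is not code from the original post or from hackermondev's write-up. Cloudflare responses carry a `cf-ray` header whose suffix is the datacenter's airport code (e.g. `...-FRA`) and a `cf-cache-status` header saying whether the file came from that datacenter's cache. The code below takes one response per probed datacenter (the routing step itself, which the post says was done with WARP, is NOT implemented and is left as an assumption), parses those two headers, and reports which datacenters already held a cached copy. The sample responses are constructed, not captured traffic; the city lookup table is a partial illustration, not Cloudflare's full list.

```python
"""Infer which Cloudflare datacenter (colo) cached a resource from probe responses.

Added example, not from the original post or hackermondev's write-up.
Assumptions (not in the post): the caller has some way to send one request
through each Cloudflare datacenter (the post says WARP was used); that routing
is not implemented here. SAMPLE_PROBES below is constructed data.
"""
import re
from collections import OrderedDict

# cf-ray looks like "8a1b2c3d4e5f6789-SJC": hex request id, dash, 3-letter colo code.
CF_RAY_RE = re.compile(r"^[0-9a-f]+-([A-Za-z]{3})$")

# Statuses meaning the datacenter already had a local copy when we asked.
CACHED_STATES = {"HIT", "STALE", "UPDATING", "REVALIDATED"}
# Statuses meaning the resource is not cacheable at all, so the leak can't work.
UNCACHEABLE_STATES = {"DYNAMIC", "BYPASS"}

# Partial, illustrative mapping of colo codes (IATA airport codes) to cities.
COLO_CITIES = {"AMS": "Amsterdam", "FRA": "Frankfurt", "LHR": "London", "SJC": "San Jose"}


def _lower(headers):
    return {k.lower(): v for k, v in headers.items()}


def parse_colo(headers):
    """Return the colo code from cf-ray, or None if this isn't a Cloudflare response."""
    m = CF_RAY_RE.match(_lower(headers).get("cf-ray", "").strip())
    return m.group(1).upper() if m else None


def parse_cache_status(headers):
    """Return cf-cache-status upper-cased, or None if absent."""
    return _lower(headers).get("cf-cache-status", "").strip().upper() or None


def is_cacheable(headers):
    """False if Cloudflare marks the resource DYNAMIC/BYPASS (or it isn't Cloudflare)."""
    status = parse_cache_status(headers)
    return status is not None and status not in UNCACHEABLE_STATES


def infer_victim_colos(probe_responses):
    """Return the colo codes that held a cached copy, in probe order.

    Edge case handled: a probe that gets MISS at some colo causes Cloudflare to
    cache the file *there*, so a later probe of the same colo would show HIT
    because of us, not the victim. Only the first response per colo counts.
    """
    first_seen = OrderedDict()
    for resp in probe_responses:
        colo = parse_colo(resp)
        if colo is None or colo in first_seen:
            continue  # not Cloudflare, or a repeat probe tainted by our own MISS
        first_seen[colo] = parse_cache_status(resp)
    return [c for c, s in first_seen.items() if s in CACHED_STATES]


def describe(colos):
    """Human-readable result; unknown codes are reported as the raw code."""
    return [COLO_CITIES.get(c, c) for c in colos]


# Constructed sample: victim's client fetched the image via FRA; we probed four colos,
# AMS twice (second AMS probe shows HIT only because our first probe cached it),
# plus one non-Cloudflare response that must be ignored.
SAMPLE_PROBES = [
    {"cf-ray": "8a00000000000001-AMS", "cf-cache-status": "MISS", "content-type": "image/png"},
    {"cf-ray": "8a00000000000002-FRA", "cf-cache-status": "HIT", "content-type": "image/png"},
    {"cf-ray": "8a00000000000003-LHR", "cf-cache-status": "MISS", "content-type": "image/png"},
    {"cf-ray": "8a00000000000004-AMS", "cf-cache-status": "HIT", "content-type": "image/png"},
    {"server": "nginx", "content-type": "image/png"},
]

if __name__ == "__main__":
    hits = infer_victim_colos(SAMPLE_PROBES)
    print("cached at:", hits, "->", describe(hits))
```

The result is the datacenter nearest the victim's network path, which is why a VPN changes the answer to the VPN exit's region rather than hiding it; it is a city- or region-level estimate, not a precise position. If `is_cacheable` is False for the attachment URL (Cloudflare reports it as `DYNAMIC` or `BYPASS`), there is no per-datacenter copy to find and this technique does not apply.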

While this specific attack can be stopped by any VPN (the attacker then only learns the datacenter nearest your VPN exit), who knows what huge amount of information these centralized Big Tech providers save, store, and use on fingerprints, history, or Cloudflare trust scores. Once again, please consider our VPN, designed to isolate your activity for web apps, with Cloudflare specifically in mind:
https://simplifiedprivacy.com/vpn-docs/overview.html

Sources:
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117
https://xcancel.com/hackermondev
https://www.404media.co/cloudflare-issue-can-leak-chat-app-users-broad-location/

Author Public Key
npub14slk4lshtylkrqg9z0dvng09gn58h88frvnax7uga3v0h25szj4qzjt5d6