New Cloudflare Location Leak Vulnerability

Signal messenger & Discord are vulnerable

Anyone can triangulate your city location?!!


Do you use Signal or Discord?

Then a random attacker can abuse Cloudflare's caching to find out which Cloudflare datacenter you fetch images from. Even on Signal, that lets the attacker triangulate your city location (or your VPN exit).

Images

To carry out the Signal attack, the attacker only needs to send you an image, then check which Cloudflare datacenter you download that image from. This shows the danger of Cloudflare’s centralization, which I’ve bitched about 1000 times to deaf ears.

15-year-old kid

In response to this 15-year-old hacker making a fool of them, Cloudflare did make this attack more difficult, but they’ve yet to patch it fully. So it can still be done at the time I’m writing this.

Caching

The kid figured out that it can be done by abusing caching. Caching is when files (such as images) are stored in local datacenters close to users because they are frequently accessed.

To quote the kid,

"A few months ago, I had a lightbulb moment: if Cloudflare stores cached data so close to users, could this be exploited for deanonymization attacks on sites we don't control?"

Further,

"When your device sends a request for a resource that can be cached, Cloudflare retrieves the resource from its local datacenter storage, if available. Otherwise, it fetches the resource from the origin server, caches it locally, and then returns it."

So then he:

First, used Cloudflare WARP (Cloudflare’s VPN client) to get access to this cache data, which normal requests are not allowed to reach.

Second, used Burp to gather data on which Signal CDN servers were being used, and to control what was sent to Signal.

Third, sent the image to the victim, and then obtained the location of the Cloudflare datacenter they downloaded or viewed it from.
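To make the caching mechanism quoted above concrete, here is a toy model of a CDN with several edge datacenters. It is an added illustration written for this post, not Cloudflare's code or the kid's tooling, and the datacenter codes, the resource path and the `Origin`/`CDN` classes are all made up for the example. The status strings mirror the values Cloudflare reports in its `cf-cache-status` response header (HIT, MISS, DYNAMIC), but the model is deliberately simplified: the "footprint" view is an all-knowing snapshot used to show why a cached copy pins the viewer to a datacenter, and the second run shows the origin-side mitigation of marking per-recipient media `Cache-Control: no-store` so no edge ever keeps a copy.

```python
"""Toy CDN edge-cache model (illustration only; not Cloudflare's or Signal's code)."""
from dataclasses import dataclass, field


@dataclass
class Origin:
    """The origin server hosting the media. Assumption: it either allows
    public edge caching or forbids storage outright with no-store."""
    no_store: bool = False

    def fetch(self, url: str) -> tuple[bytes, dict]:
        directive = "no-store" if self.no_store else "public, max-age=3600"
        return b"<image bytes>", {"Cache-Control": directive}


@dataclass
class EdgeDatacenter:
    """One edge location. `colo` is a constructed code such as 'FRA'."""
    colo: str
    origin: Origin
    cache: dict = field(default_factory=dict)

    def get(self, url: str) -> tuple[bytes, str]:
        # Serve from local storage if present (this is the HIT the leak relies on).
        if url in self.cache:
            return self.cache[url], "HIT"
        body, headers = self.origin.fetch(url)
        if "no-store" in headers["Cache-Control"]:
            # Uncacheable: the edge passes it through and keeps nothing.
            return body, "DYNAMIC"
        self.cache[url] = body          # first fetch populates this edge only
        return body, "MISS"


class CDN:
    """A set of edge datacenters in front of one origin."""

    def __init__(self, colos: list[str], origin: Origin):
        self.datacenters = {c: EdgeDatacenter(c, origin) for c in colos}

    def request(self, url: str, nearest_colo: str) -> tuple[bytes, str]:
        # A client is always routed to its nearest datacenter.
        return self.datacenters[nearest_colo].get(url)

    def cache_footprint(self, url: str) -> list[str]:
        # All-knowing view for illustration: which edges hold a copy right now.
        return sorted(c for c, dc in self.datacenters.items() if url in dc.cache)


def leak_demo(no_store: bool = False) -> list[str]:
    """A viewer near the constructed 'FRA' edge opens an image once; return the
    set of datacenters that now hold it. With public caching the answer is
    exactly the viewer's datacenter, which is the location leak. With no-store
    the footprint is empty because nothing was ever stored at the edge."""
    cdn = CDN(["FRA", "SFO", "SIN"], Origin(no_store=no_store))
    cdn.request("/attachments/example.png", nearest_colo="FRA")  # constructed path
    return cdn.cache_footprint("/attachments/example.png")


if __name__ == "__main__":
    print("public caching footprint:", leak_demo())            # ['FRA']
    print("no-store footprint:      ", leak_demo(no_store=True))  # []
```

The model also shows why the kid's approach is a one-shot observation per datacenter: in this toy, a probe of an edge that does not hold the file is itself a MISS that populates it, so a real observer cannot repeatedly re-check without changing the state they are measuring. The trade-off of the no-store mitigation is equally visible: it removes the leak by giving up edge caching for that resource entirely, which is why the VPN mitigation the post recommends addresses the problem from the client side instead.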

Takeaway

While this specific attack can be stopped by any VPN, who knows what huge amount of information these centralized Big Tech providers save, store, and use on fingerprints, history, or Cloudflare trust scores. Once again, please consider our VPN, designed to isolate your activity for web apps, with Cloudflare specifically in mind.

Source Links

[1 - Kid’s Github]
[2 - Kid’s Twitter]
[3 - 404 Media]
