Was posted yesterday to a lot of communities, it’s very clickbait:
allows an attacker to grab the location of any target within a 250 mile radius
So it’s a bit rough… In Europe it means basically which country the target is in. Also cloudflare servers are not evenly distributed in the world, so resolution can differ wildly worldwide.
With a vulnerable app installed on a target’s phone
So it’s not really zero click.
Sounds interesting though, nice writeup, but not as scary as it sounds from the title.
The vulnerable app can be anything that displays an attached image though. And a 250-mile radius compared to the whole world is still a very significant step for governments trying to track down dissidents, etc.
The section on responses by Cloudflare, Signal and Discord is disappointing. They’re not taking it seriously enough.
If the target has push notifications enabled (which it is by default), they don’t even have to open the Signal conversation for their device to download the attachment. Once the push notification is sent to their device, it automatically downloads the image from Signal’s CDN triggering the local datacenter to cache the response.
An attacker can run this deanonymization attack any time and grab a user’s current location without a single interaction.
GeoGuesser, powered by the Google Maps API, generates a likely location of the user. It finds the midpoint between the 2 datacenters and draws 2 circles that signify his radius.
And with SS7 they can get even more precise location, and you can’t really hide from that if you want to use a phone with a phone number, what is the point. This is an interesting way of attack, noone really thought about this before, but it’s not “oh-my-god everyone can be tracked via signal”. I guess the closest server doesn’t even selected via geographical distance, but much more depends on network infrastructure of your location, so Google Maps API can’t really help here.
And again any VPN could defend against this, so if you want to hide which country you are in currently, it should be the 0th step to use a VPN.
Cloudflare has more servers in Europe than in North America. That does trace you to which country, which IMO is pretty significant. Especially with the GeoGuesser “average the circles” thing he coded.
Was posted yesterday to a lot of communities, it’s very clickbait:
So it’s a bit rough… In Europe it means basically which country the target is in. Also cloudflare servers are not evenly distributed in the world, so resolution can differ wildly worldwide.
So it’s not really zero click.
Sounds interesting though, nice writeup, but not as scary as it sounds from the title.
The vulnerable app can be anything that displays an attached image though. And a 250-mile radius compared to the whole world is still a very significant step for governments trying to track down dissidents, etc.
The section on responses by Cloudflare, Signal and Discord is disappointing. They’re not taking it seriously enough.
Did you keep reading after the intro?
Excerpt:
If the target has push notifications enabled (which it is by default), they don’t even have to open the Signal conversation for their device to download the attachment. Once the push notification is sent to their device, it automatically downloads the image from Signal’s CDN triggering the local datacenter to cache the response.
An attacker can run this deanonymization attack any time and grab a user’s current location without a single interaction.
If it’s still only the datacenter it doesnt matter that much.
And with SS7 they can get even more precise location, and you can’t really hide from that if you want to use a phone with a phone number, what is the point. This is an interesting way of attack, noone really thought about this before, but it’s not “oh-my-god everyone can be tracked via signal”. I guess the closest server doesn’t even selected via geographical distance, but much more depends on network infrastructure of your location, so Google Maps API can’t really help here.
And again any VPN could defend against this, so if you want to hide which country you are in currently, it should be the 0th step to use a VPN.
Does everyone have access to tracking which stations send the phone signal in the SS7 network?
Yes, anyone can buy access.
Cloudflare has more servers in Europe than in North America. That does trace you to which country, which IMO is pretty significant. Especially with the GeoGuesser “average the circles” thing he coded.
The user having to have the vulnerable app installed does not make it not zero click.