Cybersecurity

6376 readers

34 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform (gist.github.com)

submitted 1 month ago by kid to c/cybersecurity

2 comments fedilink hide all child comments

top 2 comments

sorted by: hot top controversial new old

[–] [email protected] 5 points 1 month ago

I should have stopped when they announced they were a highschool student.

They didn't reveal the actual identity of anyone. They did use cloudflare to approximate a target's location, and made it slightly fancier by forcing the client to make the request with a push notification.

Companies have used similar approaches for decades. Almost every web interaction with a marketer approximates your location and ties that together with demographics via browser fingerprinting to get a good idea of who you are.

[–] [email protected] 4 points 1 month ago

Sounds a bit clickbait:

allows an attacker to grab the location of any target within a 250 mile radius

So it's a bit rough... In Europe it means basically which country the target is in. Also cloudflare servers are not evenly distributed in the world, so resolution can differ wildly worldwide.

With a vulnerable app installed on a target's phone

So it's not really zero click.

Sounds interesting though, nice writeup, but not as scary as it sounds from the title.