Hacker News

croemer 01/21/2025

Cool writeup by a 15yo, except for the way it completely oversells in the title.

Basically this allowed an attacker to find out which Cloudflare data center a victim connected to when being tricked into loading something from Cloudflare. This is often within a 250 mile radius of where they're living but not necessarily.

Can't one find out someone's IP just as easily by making them make a request to a URL controlled by an attacker? Is the problem that Cloudflare is whitelisted for 0-click?


Replies

AceJohnny2 01/21/2025

> Can't one find out someone's IP just as easily by making them make a request to a URL controlled by an attacker?

Unless you can find another flaw in Signal, that'd likely be a 1-click attack, which is less valuable than the 0-click attack demonstrated by the author.

9sIX3oZ1JB5 01/21/2025

Might even argue that the title is good because it made us click