San Francisco, CA – January 23, 2025-A Cloudflare CDN flaw exposes user locations via secure apps like Signal and Discord, raising major privacy concerns. Cloudflare has patched the issue but challenges remain.
A newly discovered Cloudflare CDN flaw has sent shockwaves through the cybersecurity community, revealing that user locations can be exposed even through secure chat apps like Signal and Discord.
The flaw, uncovered by a security researcher named Daniel, allows attackers to pinpoint a target’s location within a 250-mile radius by exploiting cached media resources on Cloudflare’s content delivery network (CDN).
This is a zero-click vulnerability, meaning users don’t need to interact to be tracked. An attacker can simply send an image hosted on Cloudflare, and the target wouldn’t even know they’re being monitored.
The attack leverages Cloudflare Workers and a tool called Cloudflare Teleport, which manipulates requests to force data through specific data centers. By analyzing responses, attackers can determine the target’s general location.
This flaw is particularly concerning for privacy-focused individuals like journalists and activists. It highlights the ever-present vulnerabilities in platforms we trust.
While Cloudflare claims the issue was patched after the initial disclosure in December 2024, the researcher demonstrated a workaround using a VPN to bypass the patch. According to the researcher, this method still accesses around 54% of Cloudflare’s data centers globally.
Cloudflare responded, stating:
We encourage third-party researchers to report vulnerabilities. This issue was resolved immediately upon disclosure.
Signal and Discord, however, dismissed responsibility, stating the issue lies beyond their network scope. The discovery emphasizes the need for robust privacy measures, especially as digital platforms increasingly rely on third-party CDNs.
Other News At VPNRanks
Hey, wait!
Stay informed on the latest privacy updates, cybersecurity insights, and internet freedom news by following VPNRanks news daily! As your primary resource for critical updates in online security, we ensure you’re always in the know. Make VPNRanks your go-to guide for safeguarding your digital life.
