Although the vulnerability has been corrected, Daniel warns that the use of CDN networks still involves risks from a privacy perspective.
The young hacker warns of risks related to the use of CDN networks. Adobe Stock / AOP
15-year-old hacker called Daniel has succeeded in developing a tool that was able to determine the approximate location of hundreds of different applications. The vulnerability concerned, among other things, the Signal application that many users who value their privacy are favored.
These applications used the CDN (Content Delivery Network) technology giant to improve performance and reliability. However, the tool developed by Daniel utilized the vulnerability of the Cloudflare’s WORKERS scripture environment, which made it possible to manipulate HTTP traffic and route it to certain data centers.
This enabled the Cloudflare’s CDN cache data and data centers locations, allowing the location of application users to be determined by approximately 320-400 kilometers.
The attack was particularly dangerous because it allowed the so-called 0-click attacks, where the user’s location could be fully determined without his or her own operation, for example through push notifications.
Also read: The cloud business has a new challenger best known for error messages
Also read: IPv4 payments shake the cloud users
Also read: A single customer created a toss that “fell half the web”
Daniel has released the Cloudflare Teleport tool and detailed information on vulnerability On its GitHub page. On the subject has also reported Technology site The Register.
Although Cloudflare has corrected this vulnerability, Daniel points out that the use of CDN networks still involves potential risks for losing anonymity.
CDN networks are popular with digital companies as they reduce user request delay by providing information from the nearest data center, which improves performance and user experience.