Abusing WebRTC to Reveal Coarse Location Data in Signal

    So this month, when I disclosed a way to leak a user’s DNS server simply by ringing their Signal number (CVE-2020-5753), I was happy to see how fast they patched it. Revealing a Signal user’s DNS server can potentially reveal coarse location, but as we will later see, in instances such as Google Public DNS (8.8.8.8/8.8.4.4) and others, this attack can narrow the location down to the Signal user’s city due to usage of EDNS Client Subnet.
    https://medium.com/tenable-techblog/...e-643eb4298447

    #2
    It's important to patch to the latest version (3.8.4) as this flaw essentially leaks a targeted user's DNS servers, permitting actors to profile them wherever they may be (home, work, etc.).



      #3
      It's impressive how quickly Open Whisper Systems patched this considering they are a non-profit organization. I know there are for-profit corporations that don't even patch as quickly as this! And that is for smaller bugs too. 🤣
