Daniel, a 15-year-old high school junior, has discovered a unique 0-click deanonymization attack that can determine a target’s location within a 250-mile radius through popular apps like Signal, Discord, and more. By exploiting Cloudflare’s cache storage, attackers can pinpoint users’ locations without their knowledge. Daniel has developed tools like Cloudflare Teleport to execute these attacks, showcasing the potential risks for journalists, activists, and hackers. Despite efforts to disclose and address the issue, some companies, such as Signal and Discord, have dismissed the severity of the vulnerability, while Cloudflare has only partially patched the bug, leaving room for further exploitation using new methods.
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117