Follow

leakt einen ungefähren Standort durch WebRTC. Ein Update wurde vom Entwickler bereits released*.

"[...] an option “Always Relay Calls” [...]
which will never include your public/private IPs in the ICE Candidates. Instead, it will just
send the IP of a nearby Signal TURN server [...] relay the audio/video call [...]"

Android mit Version ab 4.59.11 oder Signal iOS mit Version ab 3.8.4

- medium.com/tenable-techblog/tu
- nvd.nist.gov/vuln/detail/CVE-2

Seiten 1/2

"I found that I could easily force a DNS lookup before the phone even “rings”, [...] we see an incoming DNS query from the remote Signal user’s current DNS resolver.

After testing this multiple times in various locations I found the DNS location accuracy was
usually accurate within ~400 mile radius [...].

With this information, an attacker knows I’m not home at this time."

- medium.com/tenable-techblog/tu
- nvd.nist.gov/vuln/detail/CVE-2

Seiten 2/2

Show thread
Sign in to participate in the conversation
mastodon@bau-ha.us

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!