139
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 23 Jan 2025
139 points (100.0% liked)
Technology
60942 readers
3347 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
""compromised device"" in this scenario is any device with a chat app installed, push notifications on, and the chat service uses Cloudflare CDN. This is a very common setup, Discord and Signal were mentioned as examples. Many others are vulnerable for the same thing. With read receipts on the chat platform (like Signal), no push notifications are required.
The headline is sensationalist, but it isn't something to be ignored. Especially for more privacy focused platforms like Signal, even leaking the country someone is in can be considered a risk. That's effectively what this attack allows.
I feel like people here have forgotten the difference between "vulnerable" and "compromised".
It matters because calling everyone's default setup chat apps compromised implies that an attack has occurred.
Already addressed in a different comment, but yes.