15-Year-Old Discovers Zero-Click Deanonymization Exploit Leveraging Cloudflare Cache
A 15-year-old high school student, Daniel, discovered a critical zero-click deanonymization attack exploiting Cloudflare's caching mechanism. This vulnerability allows attackers to pinpoint the location of users within a 250-mile radius by sending a malicious payload to vulnerable applications like Signal, Discord, and hundreds of others. The attack requires no user interaction and can even be achieved via push notifications. Daniel developed a tool, Cloudflare Teleport, to demonstrate the exploit. While he responsibly disclosed the vulnerability, responses from affected companies were largely unsatisfactory. This highlights the potential security risks inherent in CDN caching and underscores the importance of user privacy awareness.