““compromised device”” in this scenario is any device with a chat app installed, push notifications on, and the chat service uses Cloudflare CDN. This is a very common setup, Discord and Signal were mentioned as examples. Many others are vulnerable for the same thing. With read receipts on the chat platform (like Signal), no push notifications are required.
The headline is sensationalist, but it isn’t something to be ignored. Especially for more privacy focused platforms like Signal, even leaking the country someone is in can be considered a risk. That’s effectively what this attack allows.
““compromised device”” in this scenario is any device with a chat app installed, push notifications on, and the chat service uses Cloudflare CDN. This is a very common setup, Discord and Signal were mentioned as examples. Many others are vulnerable for the same thing. With read receipts on the chat platform (like Signal), no push notifications are required.
The headline is sensationalist, but it isn’t something to be ignored. Especially for more privacy focused platforms like Signal, even leaking the country someone is in can be considered a risk. That’s effectively what this attack allows.
I feel like people here have forgotten the difference between “vulnerable” and “compromised”.
It matters because calling everyone’s default setup chat apps compromised implies that an attack has occurred.
Already addressed in a different comment, but yes.