Some background: I was a hacker for 15 years and survived some heinous shit, including attempts at doxing by class enemies and actually being hunted by feds. But one of the techniques that keeps coming back from the dead all these decades is the Electron web app framework HTTP leak. It’s a very simple 0day but niche to the point that Electron devs somehow can’t patch it. What this HTTP leak attack does is allow traffic from an app client to be traced as soon as the attacker has made contact with the client network server. Electron leaks both the private and public IP addresses of the user. You can demonstrate this yourself with just a reddit app and chat function, and tracert. It’s a trivial bug, but if you have heard of things like Xbox, PSN or Steam resolver, it’s basically just the Electron HTTP leak attack. And it costs actual thousands of human lives in both the global south and in the US, especially the Andrew Finch murder in Wichita, because the doxer used a resolver. And that’s a thing, once you get the IP, you can locate the target’s ISP narrowing down the subnet of it. But because the Palestine subnet is significantly smaller than the US, Zionist and American intelligence can just increase accuracy through host discovery or ping scanning to correlate all connected targets in the same network and pinpoint the exact device Electron is leaking. Please consider this in your opsec.

  • stink@lemmygrad.ml · English · 16 upvotes · 4 days ago

    They don’t even need to do anything crazy in their bombing campaigns on Gaza. Facebook lets them do whatever they want with their WhatsApp location services. Any phones likely have Pegasus installed onto them, and practically all Samsung phones in West Asia have “israeli” malware preloaded on them.

    • VladimirLimeMint@lemmygrad.ml (OP) · 12 upvotes · 4 days ago

      The thing about this 0day is that you don’t even need to exist on the user device, all you need to do is send a packet to the app using Electron on the victim’s device and it will ping back the IP. Discreetly, no requirement for Pegasus or spyware. Your victim wouldn’t even be aware until too late.

  • he/him lady@lemmygrad.ml · 18 upvotes · 4 days ago

    remember: “leave your phone at home”. and to the best of our abilities, form a network of friends and "guy who knows a guy"s when it comes to getting to and fro and sharing information (assuming the ultimate reason one needs their phone on them is for transportation and personal safety). it sucks so bad but us revolutionaries and leftists in 2025 [onward] have been embargoed as it were regarding mainstream technology and internet usage as a whole. it complicates praxis and is very obviously much manufactured by Western imperial forces.

  • Pathfinder@lemmygrad.ml · English · 12 upvotes · edited · 4 days ago

    Thank you for sharing this, I have no doubt you are correct. Admittedly though, as someone who is not technically inclined I don’t quite know what to do with this information. Should I limit the apps on my phone to only what is essential? Use iOS with ADP and Lockdown Mode? Go with GrapheneOS? Just chuck out my phone entirely?

    • VladimirLimeMint@lemmygrad.ml (OP) · 11 upvotes · 4 days ago

      It doesn’t matter if you put the app in lockdown mode because as long as it is allowed to receive traffic from the outside world the attacker can make contact with your device. I think people don’t understand the risk that they don’t need to compromise your device like fancy Pegasus, all they need to do is just send an empty packet to the app that uses Electron and it will ping back literally immediately your location. You can even say that it’s an NSA backdoor because every time a thread brings up the IP leak the devs immediately shut down the discussion and claim it’s not their fault, despite every single social media app out there, including Signal, using Electron. Matrix is the only app immune to this because it doesn’t use Electron for its web app.

  • -6-6-6-@lemmygrad.ml · English · 11 upvotes · 4 days ago

    That’s horrifying because Discord, Teams, etc. all use Electron.

    What are ways to block that?

    • VladimirLimeMint@lemmygrad.ml (OP) · 13 upvotes · 4 days ago

      This 0day reduces the complications of using other techniques where the victim would discover they’re being tracked. Even if you use Graphene and you have any of the apps like Signal that use Electron, you will be tracked. I remember Dessalines addressed this before, that Signal leaks IP but they didn’t know it because Electron. All you need to do is just ping a packet to make contact with the victim’s device app and that device will ping back your location. It was Iran who also published that WhatsApp and Messenger use ping scans to map networks, and mentioned IP leaking.

  • pinguinu [any]@lemmygrad.ml · 7 upvotes · 4 days ago

    This doesn’t make any sense. Electron is used for desktop apps, not mobile apps. The Andrew Finch shit, you’re just making up. Then the “explanation” is not an explanation at all. What is even “steam resolver”? What do “Xbox”, “PSN” have to do with Electron? What does tracert have to do with it? If it’s so simple why hasn’t it been published yet as a CVE entry?

    > And that’s a thing, once you get the IP, you can locate the target’s ISP narrowing down the subnet of it.

    Again, this doesn’t make any sense. The IP comes with the subnet, and why would you need to know the ISP?

    And finally, why would they need to do this in the first place if they already own everything and can effectively surveil all traffic?