Frustrated Researcher Drops Two Tor Zero-days Vulnerabilities
The Tor browser is used by users worldwide because of the security and privacy it provides to its users. It works on the principle of Onion Routing, which routes traffic through multiple servers and is encrypted each step of the way. This mechanism makes it difficult to trace what is viewed by the user.
However, recently, a researcher disclosed two 0days for the Tor browser publicly and planned to do so for three more. A 0day is a bug that is unknown and unresolved. In his blog, Dr. Neal Krawertz had mentioned instances of earlier when he reported the bugs directly to the authorities, but nothing was done about it.
“Although it was marked as ‘resolved’, the issue was never fixed.” ~ an excerpt from his blog.
The first 0day, as claimed by Krawetz, can block the user from using the Tor browser. This bug can be exploited by organizations and governments where there are already restrictions on internet usage.
“When the packet sniffer sees a TLS server-side certificate, it generates a signature. If the signature matches the pattern for a Tor server, the scanner flags the connection as a Tor connection.”
The second 0-day, as explained in another blog, can be exploited into identifying indirect connections (bridges) to the Tor browser.
“Direct connections to the Tor network are the most common type of connection. However, there are also indirect ways to connect to the Tor network. These indirect methods are called ‘bridges’. If someone could detect every bridge protocol, then every Tor user could be blocked from accessing the Tor network, or they can be directly surveilled. (If they know your real network address, then they know who you are, and they can monitor or censor your activities.)”
Dr. Neal Krawertz has called these 0days serious Security Vulnerability. For the three other 0days that he plans to release publicly, he claims one of them could allow the attackers to access the IP address of the Tor users.
However, the Tor network refuses to call these threats as 0days as they said that these are already known, and they have assigned experts to fix them.
It is common for the researchers to publicly announce about the bugs if they feel that the authorities are not hearing them. Nevertheless, the important thing is, Does Tor provide the privacy and security it claims?
As evident from Dr. Neal’s claims, their security and trust are compromised, and if the 0day that could trace IP addresses by hackers is known to exploiters, the complete security of the individuals using Tor is compromised.
Today, our browser knows about us more than anybody else. It is crucial for the companies claiming data security through their browsers like Tor to work continuously for over-coming breaches that can threaten the integrity of its users.
Tor network and browser should address these security concerns as soon as possible.