A security researcher dissatisfied with the Tor project’s operations has exposed his findings this month. The reports he made include two zero-day bugs in Tor’s browser and network, which could allow ISPs and authorities to track and block users from accessing the Tor network.
Tor Network Infested With Several Zero-day Bugs!
I'm giving up reporting bugs to Tor Project. Tor has serious problems that need to be addressed, they know about many of them and refuse to do anything.
I'm holding off dropping Tor 0days until the protests are over. (We need Tor now, even with bugs.) After protests come 0days.
— Dr. Neal Krawetz (@hackerfactor) June 4, 2020
The Onion Router, or popularly the Tor, is a specialized browser we all knew as a gateway for the dark web. The Tor network maintains a relay of nodes to give us the confidence of reaching our web destination without being tracked. Or more specifically, hardly trackable. But, it’s vested with several zero-day bugs that aren’t revealed and patched till date!
According to Dr Neal Krawetz, a security researcher who has run several Tor nodes by himself has now come up with a detailed explanation of how the Tor browser is vulnerable. He reported the first zero-day bug in Tor’s network on 23rd July this year, where he said by capturing “distinct packet signature” which is created uniquely for every Tor connection made.
An ISP or a company with malicious intent can scan for the possible Tor connections, and track/block him from connecting to the Tor network with this distinct packet signature. And next, the second bug which was reported yesterday is an indirect means of blocking the user, unlike the first instance. Here, the authority can scan for TCP packets of the target’s Tor connection to track/block him.
The indirect here means that the user connecting to the network via Tor Bridges, which are proxies to Bypass the direct blocks as in the first case and connect to the Tor network via a node initially. But by capturing the TCP packets, this too can be blocked! Krawetz says these could be exploited by oppressed regimes to block people from connecting to private networks.
Thus, he made several reports to Tor project explaining the zero-day bugs he caught and waited for patches. But after determining that Tor project has failed even after acknowledging the issues, he now came out publicly to expose the bugs. He even calls to expose three more zero-day bugs soon, were on in that could reveal the real-world IP addresses of Tor servers!
Other Trending News:- News