Tor and Mozilla Working on To Make Malware Attacks More Difficult

773

Law enforcement agencies and malicious hackers may have a harder time getting access to the IP addresses of Tor users.

Thanks to upcoming security upgrades that Tor Project and the creators of Mozilla Firefox have been discreetly working on.

Your TOR usage is being watched

Since Tor’s security is never-ending as it stands, hacking an individual user’s computer has proved to be the only vulnerability on which the authorities have banked on time and again to de-anonymize Tor users.

By hacking these endpoints, investigators are able to acquire the IP addresses of the users and thus, their locations.

The new twists and upgrades serve to make the process of unmasking these users a lot harder, if not impossible.

Firefox Security Lead, Richard Barnes explained in an email to Motherboard that currently, they had already created all the basic tools needed for the security upgrades and were in the process of gaining those tools in order to turn realize the concept.

Where the Vulnerability Lies

To break it down, Barnes explained that the Tor Browser has two major constituents: the Tor proxy that is necessary to route the browser’s traffic through the Tor network itself and the modified part of Firefox that makes accessing the network possible.

The Firefox part of the Tor Browser is where the vulnerability lies, according to Barnes, as it is dependent on network access in order to communicate with the Tor proxy.

When compromised, the Firefox part of the Tor Browser can be used to connect to another entity—say a government server—which then puts the user’s anonymity at risk as it reveals information such as the user’s IP address.

Read >>
DRM-Protected Files Used to Deanonymize Tor Browser Users

FBI Has Successfully Breached Tor Using That Weakness

firefox tor
Tor Project and Mozilla Firefox developers are working together on a security upgrade to deter law enforcement to access the identity of Tor users.

The FBI has manipulated this vulnerability before in February 2015 when they used a NIT (Network Investigative Technique) to reveal the IP address of a visitor of a child pornography site.

The malware is suspected to have exploited one of Tor Browser’s weaknesses that people suspect the FBI have under wraps to access the computer before forcing it into contacting a government server outside of the encrypted network.

This way, the law enforcement agency was able to get information that led to the arrest of the suspect.

The upcoming upgrade looks to remove the need for network access in order for the two halves of the Tor Browser to communicate.

With the support of Unix domain sockets’, the two integrated programs should be able to communicate with each other without necessitating an underlying network protocol.

As such, the Firefox side of the Tor browser will no longer be easy to compromise.

Sandboxing Will Cut Off Network Access to the Firefox Half

Barnes added that the new security upgrade will allow Tor users to run it in a sandbox without requiring any network access other than a Unix domain socket to the proxy.

Furthermore, in the event the Firefox half of the Tor browser was compromised, law enforcement agencies would have no network connection with which to relay the user’s information to their servers.

Barnes gave a brief overview of how the Tor Project and the Mozilla Firefox team came to collaborate on this new project.

While Tor Project gave the Tor proxy and the Tor browser Unix socket capabilities, Mozilla made the Firefox browser generally capable of talking to proxies over Unix domain sockets.

Read >>
CMU Researchers Were Hired To Unmask Tor Users

Afterward, Tor proceeded to add this capability to their browser as Mozilla chipped in every once in a while to fix any bugs that came up.

Release Set For Early Next Year

As it stands, Barnes revealed that the upgrade will only work on MacOS and Linux platforms since they already have the necessary sockets, although they are working on extending the capability to the Windows platform.

However, there are some stipulations to be followed in order to get the plan to work.

Other than the availability of the sockets in question on all the platforms, users will also require a compatible sandbox in order to inhibit the Firefox half of the Tor browser from gaining network access in case it is compromised.

The support will be available in Firefox 51, which is set for release in January 2017.

Write for us

Disclaimer:

The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.

Tor and Mozilla Working on To Make Malware Attacks More Difficult,
Read >>
Security Vulnerabilities Could Let Hackers Access In-Flight Systems
0 / 5 ( votes)

2 COMMENTS

    • They are open source so, if someone is checking their code and know what they are looking for then it will be difficult to hide a backdoor.

LEAVE A REPLY

1: No Contact Information (Thousands have tried, don't bother) 2: No promotional message.

Please enter your comment!
Please enter your name here

Your comment will appear after few minutes if it is allowed by the moderator. Refresh the page to see it.