
Tor Browser Security Vulnerability: It Can Leak IP Addresses

The Tor browser vulnerability is bad news for people who used Tor for privacy purposes.

For the last couple of days, many have used the Twitterverse to warn users about Tor browser vulnerability.

The warning is mostly aimed at users who use Linux and Mac as their primary operating system.

Researchers have found a critical Tor browser vulnerability which affects the way it provides anonymity to its users.

According to researchers, because of this Tor browser vulnerability, the Tor browser itself could leak users' original and real IP addresses.

And we all know what happens when a piece of software leaks such delicate information, right?

Yes.

Hackers pounce on such leaks.

Right now, we know that users who use the Tor browser are more vulnerable when they try to visit particular types of websites and other services.

Filippo Cavallarin, an Italian security researcher, discovered this Tor browser vulnerability.

Filippo revealed that this Tor browser vulnerability existed in Firefox.

And hence it also affected the Tor browser.

Why?

Because even though the Tor browser is a privacy-aware web browser that enables users to use the online web in an anonymous way, at its core it still uses Firefox.

Filippo has dubbed this Tor browser vulnerability as TorMoil.

This Tor vulnerability hurts the Tor browser’s ability to protect user identity on operating systems such as Linux and macOS.

But it doesn’t affect Windows users apparently.

Researchers have not detailed this Tor vulnerability to the public.

Some think that is because they are considering the effect it would have on the privacy and security of Tor users.

Cavallarin, the CEO of the security firm We Are Segment, had privately reported the Tor browser vulnerability to developers back on Thursday, October 26.

The good news is that Tor developers have actually managed to roll out the required emergency update for The Onion Router.

You can find more information about that update by clicking here.

We Are Segment published a short blog post last Thursday as well.

In the blog post, the company discussed the Tor browser vulnerability TorMoil.

The company has stated that Firefox had this vulnerability because of an issue in managing and handling file:// URLs.

Linux and macOS users have more to worry about from TorMoil than Windows users

As mentioned before, Tor Browser 7.0.9 is already out.

And this version comes with the fix that protects it against the Tor vulnerability TorMoil.

As mentioned before, this issue only concerns Mac and Linux users.

TorMoil happens when Firefox or Tor users click on web links that begin with file:// addresses.

As most of us know already, the more common format nowadays is either http:// or https://.

This is the actual bug.

The blog post from We Are Segment made it clear that because Firefox encountered a bug while handling file:// addresses, hackers could use this bug to leak the user’s real IP address.

When an affected Linux or macOS user goes to a particular malicious web page, the operating system can be made to connect directly to a remote host.

This allows them to bypass The Onion Router protection.
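Because the bug turns on file:// links inside web pages, one defensive check is to flag such references in HTML before it reaches a browser, for example in a filtering proxy or a content review step. The sketch below is an added example, not code from We Are Segment or the Tor Project; the attribute list and the sample markup are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Attributes that can make a browser fetch or navigate (assumed, not exhaustive).
URL_ATTRS = {"href", "src", "action", "formaction", "data"}
# Browsers drop ASCII tab/newline inside URLs and ignore leading control
# characters and spaces, so " fi\tle://..." still resolves to the file: scheme.
_DROP = re.compile(r"[\t\r\n]")
_LEAD = "".join(chr(c) for c in range(0x21))
_META_URL = re.compile(r"url\s*=\s*['\"]?([^'\"]+)", re.I)

def is_file_url(value):
    """Return True if an attribute value resolves to the file: scheme."""
    if not value:
        return False
    cleaned = _DROP.sub("", value).lstrip(_LEAD)
    return cleaned.lower().startswith("file:")

class FileUrlFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, attribute, raw value)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and decodes &#102;-style references.
        for name, value in attrs:
            if name in URL_ATTRS and is_file_url(value):
                self.findings.append((tag, name, value))
        # <meta http-equiv="refresh" content="0; url=..."> also navigates.
        meta = dict(attrs)
        if tag == "meta" and (meta.get("http-equiv") or "").lower() == "refresh":
            m = _META_URL.search(meta.get("content") or "")
            if m and is_file_url(m.group(1)):
                self.findings.append((tag, "content", m.group(1)))

def find_file_urls(html):
    finder = FileUrlFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample markup for illustration only.
SAMPLE = """
<a href="https://example.org/">ordinary link</a>
<a href="FILE:///tmp/a.txt">mixed case</a>
<img src=" fi\tle:///tmp/b.png">
<link rel="stylesheet" href="&#102;ile:///tmp/c.css">
<meta http-equiv="refresh" content="0; url=file:///tmp/d.html">
<a href="/files/file:notes.txt">path only, not a scheme</a>
"""

if __name__ == "__main__":
    for tag, attr, value in find_file_urls(SAMPLE):
        print(f"<{tag}> {attr}={value!r}")
```
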

For what it is worth, the Tor Project has actually rolled out a temporary workaround for people who want to block hackers from compromising their machines via their real IP address.

The workaround doesn’t mean that the Tor vulnerability is gone.

In fact, word on the street is that users who are using Linux and macOS may still find that the updated version of Firefox, or the Tor anonymity browser, does not behave properly.

Especially if they want to navigate to file:// addresses.

How A VPN Service Comes Into Play.

While we are talking about the new Tor vulnerability and how it could reveal the Tor user’s identity, it is perhaps relevant to mention that a VPN could come in real handy in such situations.

Because if a user is using a VPN service provider and a hacker is able to exploit TorMoil to compromise the user’s IP address, the hacker still wouldn’t have the user’s real IP address.

Why?

Because a VPN service protects your IP address and the associated data via technologies such as encryption and tunneling.

In other words, Tor users who are using a VPN service with Tor don’t have to worry about the TorMoil vulnerability.

So the obvious question now becomes, which VPN service should you go for?

Our research shows that IPVanish is the best VPN service provider if you want to protect yourself from hackers on Tor.

It is fast, reliable, secure and comes with a money-back guarantee.

So users don’t have to take any risks when they are signing up for IPVanish.


With a good VPN service provider like IPVanish you never have to worry about Tor leaking your IP address via a vulnerability because it wouldn’t know your IP address.

To the outside world, your IP address is actually your VPN server’s IP address.

Hence, with a VPN service, you are safe regardless of the fact that Tor has a serious vulnerability.

Developers will come up with a permanent fix for the Tor browser vulnerability, though.

TorMoil allows hackers to steal Tor users’ real IP addresses

But until that becomes available, users will have to make do with the above-mentioned workaround.

The Tor Project, in an official statement, said on Friday that the fix they deployed represented just a workaround to guard against the leak.

The statement also mentioned that as a result of the patch:

users may find that navigating to file:// URLs may not work within the browser as they would expect anymore.

Furthermore, users may face particular problems when trying to enter file:// URLs in the URL bar.

They also mentioned that clicking on such links will result in a broken link message.

If the user tries to open those addresses in a new window or a new tab, The Onion Router will again not work properly.

One workaround for that problem is to simply drag the link into the web browser’s URL bar.

Or even onto a tab instead of clicking on it.

The Tor Project team ended the blog post by saying that they would keep tracking the issue’s follow-up regression via bug 24136.

According to another Tor Project statement, users who are using

  • the Windows version of Tor
  • or the sandboxed version of Tor browser
  • or Tails

that are in their alpha testing phase will also not get affected by The Onion Router vulnerability.

The Tor Project team also announced that they had no evidence to suspect that hackers had tried to actively exploit The Onion Router vulnerability TorMoil.

Hence, Tor users should have no reason to believe that hackers may have compromised their real IP address.

Of course, the lack of evidence is not enough.

Developers hope that they can come up with a permanent solution to TorMoil quickly

In other words, it doesn’t prove that nation-state hackers did not exploit the bug.

Skilled hackers usually have the means to take advantage of new vulnerabilities and they do so quickly.

Market demand for zero-day Tor exploits is at an all-time high.

Zerodium has even stated that it is ready to pay a total of $1 million to any hacker or individual who can provide a zero-day exploit for Tor.

As mentioned before, the team behind the Tor Project has recently released a new version of The Onion Router, 0.3.2.1-alpha.

This is their attempt to keep Tor users’ identities safe and sound.

This new version includes improved support for all next-generation online onion services.

The new version also has integration with new and cutting-edge encryption technologies.

Moreover, the new Tor version basically improves the overall authentication into Tor’s web service.

Zohair A. Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.