Trick Tor Browser users into decloaking with Windows DRM-protected files

HackerHouse has published an investigation into using Windows DRM-protected files to unmask Tor Browser users.

The attack works against people running Tor Browser on Windows and requires them to ignore Tor’s warning that third-party files can expose their IP address.

“This is not an attack against Tor or the Tor Browser directly, but a useful way that could be leveraged to identify people attempting to access illegal media content (such as Daesh propaganda),” said HackerHouse.

The attack tricks a user into opening a digitally-signed Windows media file. Windows will automatically open an IE window and access a URL set by the signer to check the file’s licence.

Provided the file is properly signed, no warning other than the standard Tor Browser warning will be displayed – and the file’s creator will be able to get the IP address of the Tor user.

Now read: Tor Network: what it is and how it works

Latest news

Partner Content

Show comments

Recommended

Share this article
Trick Tor Browser users into decloaking with Windows DRM-protected files