Security3.02.2017

Trick Tor Browser users into decloaking with Windows DRM-protected files

Tor logo

HackerHouse has published an investigation into using Windows DRM-protected files to unmask Tor Browser users.

The attack works against people running Tor Browser on Windows and requires them to ignore Tor’s warning that third-party files can expose their IP address.

“This is not an attack against Tor or the Tor Browser directly, but a useful way that could be leveraged to identify people attempting to access illegal media content (such as Daesh propaganda),” said HackerHouse.

The attack tricks a user into opening a digitally-signed Windows media file. Windows will automatically open an IE window and access a URL set by the signer to check the file’s licence.

Provided the file is properly signed, no warning other than the standard Tor Browser warning will be displayed – and the file’s creator will be able to get the IP address of the Tor user.

Now read: Tor Network: what it is and how it works

Show comments

Latest news

More news

Trending news

Poll

Which mobile network do you use for your primary smartphone?

View Results

Loading ... Loading ...
Sign up to the MyBroadband newsletter