
An anonymous reader writes from a report via BleepingComputer: Downloading and trying to open Windows DRM-protected multimedia files can deanonymize Tor Browser users and reveal their real IP addresses, security researchers from Hacker House have warned. On Windows, multimedia files encoded with a special Microsoft SDK will automatically open an IE window and access a URL to check the file's license. Since this request is sent outside of the Tor Browser and without user interaction, this can be used to ping law enforcement servers and detect the user's real IP address and other details. For example, law enforcement could host properly signed DRM-protected files on sites pretending to host child pornography. When a user tried to view the file, the DRM multimedia file would use Internet Explorer to ping a server belonging to the law enforcement agency. The same tactic can also be used to target ISIS militants trying to view propaganda videos, illegal drug and weapons buyers trying to view video product demos, political dissidents viewing news videos, and more. A video of the attack is available here.

  • So opening a WMV in Windows Media and phoning home to a server... couldn't the same be done with Adobe Reader and PDFs? Or with countless pieces of software out there?
    • This is why the hapless Windows-using would-be criminal should be using something more idiot-resistant, not Windows and the Tor browser. Like Tails, for example. That way the hapless offender's DRM-infested movie files, PDFs, etc. can be forced to phone home through the Tor network. If the criminal is too hapless to evade law enforcement, it's caveat emptor.

  • Of course that means the FBI has to be able to host the files on the server, and has to have sufficient control to deliver a uniquely keyed file to the users they wish to target. Sort of implies you have hit a honeypot if they get you with that.

  • Quick Workaround (Score:3)

    by gavron ( 1300111 ) on Thursday February 02, 2017 @08:58PM (#53792601)

    1. Determine which TOR-nodes you're talking to. (Netstat or Ethereal)
    2. Remove the default route through your ISP's router
    3. Add specific routes to the /32s the TOR-nodes are on through the ISP's router

    Traffic routed through TOR will work fine.
    Traffic going outside of TOR will fail except for the local network (your home or office LAN).

    E
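The three steps in the comment above, as an added example that is not gavron's own code: step 1 pulls the peer addresses of established connections out of `netstat` output (a constructed sample is embedded, containing two Tor relay connections and one LAN connection), and steps 2 and 3 are turned into the `ip route` commands that would drop the default route and pin /32 routes to those relays. The gateway (192.168.1.1) and LAN prefix are assumptions; nothing here changes the routing table, the commands are only printed for review.

```shell
#!/bin/sh
# Added example: derive per-relay /32 routes from netstat output and print the
# route changes described in the comment. Constructed sample data; no command
# below modifies the system.

# Constructed netstat -tn output: two circuits to Tor relays (documentation
# addresses) and one unrelated LAN connection that must not get a route.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.23:44312      198.51.100.7:9001       ESTABLISHED
tcp        0      0 192.168.1.23:44318      203.0.113.42:443        ESTABLISHED
tcp        0      0 192.168.1.23:44320      198.51.100.7:9001       ESTABLISHED
tcp        0      0 192.168.1.23:51000      192.168.1.1:53          TIME_WAIT'

# Step 1: unique foreign IPv4 addresses of ESTABLISHED tcp connections.
# Field layout: Proto Recv-Q Send-Q Local Foreign State, so $5 is the peer.
# On a real host, restrict to the tor process first (netstat -tnp | grep tor)
# so that non-Tor connections are not mistaken for relays.
tor_peers() {
    printf '%s\n' "$1" \
      | awk '$1 == "tcp" && $6 == "ESTABLISHED" { split($5, a, ":"); print a[1] }' \
      | sort -u
}

# Steps 2 and 3: emit the route changes for the caller to inspect and apply.
# $1 = ISP gateway (assumed), $2 = LAN prefix (assumed), $3 = peer list.
route_plan() {
    gw="$1"; lan="$2"; peers="$3"
    echo "ip route del default via $gw"
    for p in $peers; do
        echo "ip route add $p/32 via $gw"
    done
    # The LAN needs no extra route: the interface's connected route keeps
    # $lan reachable, which is the "except the local network" behaviour.
    echo "# $lan remains reachable through the connected interface route"
}

# Usage: print the plan for the constructed sample.
route_plan 192.168.1.1 192.168.1.0/24 "$(tor_peers "$SAMPLE_NETSTAT")"
```

Because the relay set is a snapshot, the route list goes stale whenever Tor picks a new guard or the consensus changes; regenerate it from fresh `netstat` output and add or remove /32s accordingly, or the circuit to a new relay simply fails to connect (which is the safe failure mode the comment is after).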

