From the ‘privacy is a myth‘ files:
WASHINGTON — Security researcher Xinwen Fu
took the stage at Black Hat today and claimed that he could break Tor anonymity with a single cell.
Tor is the global onion router network that provides anonymous internet transit for users. The way it works is there is a transit circuit with multiple hops, Fu explained that the entry point knows where the packets comes from and the exit router knows where the packet goes.
Fu claimed that he had discovered a number of mechanisms by which he could create malicious routers and inject them into a Tor router circuit.
Since the Tor network is made up of volunteers, Fu alleged that it isn’t too hard to become an entry router that could capture or somehow learn about traffic.
“It’s a volunteer based model and it’s a big problem,” Fu claimed. “An attacker can inject or ‘donate’ high bandwidth routers into the Tor network.”
To make matter more difficult, Fu claimed that there is no way to defend against his Tor privacy attack thanks to the anonymity built into the Tor routing protocols that would make rogue access point difficult to detect.
A few people in the Black Hat audience questioned Wu’s claims noting that his approach could in fact be detected by various means. Fu shrugged and noted that he is working with Tor developers to figure out a real solution.
“Privacy is important and we should keep our privacy,” Fu said.