Tor Network Exit Nodes Found To Be Sniffing Passing Traffic

Posted: July 5, 2015 in Tech
Tags: , , ,

The very network nodes that relay anonymous Tor traffic for you, free of charge, may be sniffing or reading your data as it passes through. That’s the conclusion of an investigation by a security researcher known as Chloe.

The test involved setting up a dummy website with an admin sub-domain and a login page. Chloe then logged into the site through the Tor network many times – in fact, 137,319 times. Due to timeouts and other issues, only 99,271 attempts resulted in a successful connection to the dummy admin account.

Chloe was looking for instances where the unique password chosen for each login attempt was used a second time, which would indicate that the exit node, in that instance, had sniffed the credentials and someone had then decided to have a go at using the credentials to log into Chloe’s dummy site.

Chloe found 16 instances of multiple uses of a unique password. While it may appear a small number, this number should be zero. In addition, there were 650 unique page visits which points to additional sniffing activity.

Chloe estimates that the number of exit nodes tested was 1400, with each used around 95 times.

The conclusion: “We can see that there’s passive MITM [man in the middle spying] going on in the Tor network. This is done by setting up a fully functional and trustworthy exit node and start sniffing.”

Source: [scmagazineuk]

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s