Due to the FBI’s success in de-anonymizing Tor users, the Tor Project is teaming up with researchers to protect users from any further hacking by the FBI, Vice reports.
Recent court cases have shown that the FBI is well capable of hacking Tor, even though the software has a reputation as the best online privacy software available. A new paper states that security researchers are now working alongside the Tor Project to help create a hardened version of the Tor Browser, using new anti-hacking techniques that would drastically improve user security and help fight off any further attacks from law enforcement agencies.
In particular, researchers are currently testing “Selfrando”, a technique to protect against browser exploits like the one the FBI supposedly used. Selfrando is meant to counteract “code reuse” exploits: instead of attempting the more difficult job of injecting new malicious code, the attacker exploits memory leaks to reuse code libraries that already exist in the browser, building malware by rearranging things inside the application’s memory.
To do so, the attacker generally needs to have an idea of where particular functions are located within the app’s memory. The current security features in browsers randomize only the locations of code libraries, not the individual functions. This is what Selfrando was made for: it creates a randomized address space of internal code that’s much harder to exploit.
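The difference between the two schemes can be shown with a small model. This is an added example, not code from the paper or from the Tor Project; the function names, sizes and address range are constructed, and the model simplifies the real technique to a shuffle of function order within one module.

```python
import random

# Constructed module: (function name, size in bytes) in the order the linker emitted them.
FUNCS = [("parse", 0x120), ("render", 0x340), ("alloc", 0x0C0),
         ("free_", 0x090), ("jit_emit", 0x2A0), ("net_send", 0x1B0)]

def link_offsets(funcs):
    """Offset of each function from the module start for a given order."""
    off, table = 0, {}
    for name, size in funcs:
        table[name] = off
        off += size
    return table

def load_aslr(rng):
    """Library-level ASLR: random page-aligned base, internal order unchanged."""
    base = rng.randrange(0x1000, 0x7FFF0000, 0x1000)
    return {n: base + o for n, o in link_offsets(FUNCS).items()}

def load_function_level(rng):
    """Function-level randomization: random base and a fresh function order per load."""
    base = rng.randrange(0x1000, 0x7FFF0000, 0x1000)
    order = FUNCS[:]
    rng.shuffle(order)
    return {n: base + o for n, o in link_offsets(order).items()}

def predict_from_leak(name, addr):
    """Layout inferred from one disclosed address plus the shipped binary's offsets."""
    static = link_offsets(FUNCS)
    base = addr - static[name]
    return {n: base + o for n, o in static.items()}

def prediction_accuracy(loader, trials=2000, seed=1):
    """Fraction of the other functions located correctly from a single disclosed address."""
    rng = random.Random(seed)
    hits = total = 0
    for _ in range(trials):
        real = loader(rng)
        guess = predict_from_leak("parse", real["parse"])
        for n in real:
            if n != "parse":
                hits += guess[n] == real[n]
                total += 1
    return hits / total

if __name__ == "__main__":
    print("library-level ASLR:", prediction_accuracy(load_aslr))
    print("function-level    :", prediction_accuracy(load_function_level))
```

With library-level randomization a single disclosed address fixes the position of every other function in the module; with per-function shuffling it reveals almost nothing beyond itself.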
“Our solution significantly improves security over standard address space layout randomization (ASLR) techniques currently used by Firefox and other mainstream browsers. The Tor Project decided to include our solution in the hardened release of the Tor Browser, which is currently undergoing field testing,” researchers have written in the paper.
This means it’s about to get a lot more difficult to hack the Tor Browser, even for law enforcement agencies that have already complained about not having the resources to track down terrorists and other criminals.
“The Tor Project decided to include our solution in the hardened releases of the Tor Browser, which is currently undergoing field testing,” the paper went on to say.
This defensive strategy may not last long, but it shows the other side of the academic community, one that is set on patching the holes that their colleagues are helping government hackers use to their advantage.