A cybersecurity specialist working under the alias nusenu discovered a vulnerability in the anonymity-focused Tor Browser.
Hackers can steal bitcoins if they take control of exit nodes. The Tor Browser increases users' anonymity on the network by hiding their IP addresses. Data is encrypted using "onion routing", in which it is relayed through several intermediate nodes. According to nusenu, the main threat is posed by exit node operators, who can see the actual destination of user requests.
To get full control over unencrypted HTTP traffic, hackers selectively remove HTTP-to-HTTPS redirects. They pay special attention to requests to bitcoin mixers and cryptocurrency-related sites. By operating exit nodes, hackers can strip encryption from connections to such sites, view user data and track user actions. The vulnerability allows hackers to replace Bitcoin addresses in HTTP traffic and redirect transactions to their own wallets.
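Whether a site is exposed to this kind of redirect removal can be judged from its response headers, using HTTP Strict Transport Security (RFC 6797), the standard browser-side defence against it. The following is an added example, not code from the article or from nusenu's research; it assumes the headers were already captured as dicts with lower-cased names, and the sample responses and `.example` hostnames are constructed.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org requires

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if unusable."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for directive in filter(None, (d.strip() for d in value.split(";"))):
        name, _, arg = directive.partition("=")
        name = name.strip().lower()
        if name in seen:  # a repeated directive invalidates the header
            return None
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not re.fullmatch(r"[0-9]+", arg):
                return None
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None

def assess(http_resp, https_resp):
    """Each argument is (status, headers) as served on port 80 / port 443."""
    status, headers = http_resp
    redirects = (status in (301, 302, 303, 307, 308)
                 and headers.get("location", "").lower().startswith("https://"))
    hsts = parse_hsts(https_resp[1].get("strict-transport-security", ""))
    if hsts is None or hsts["max_age"] == 0:
        # Nothing makes the browser insist on HTTPS: if the redirect is
        # dropped in transit, the user stays on plain HTTP on every visit.
        return "strippable-always" if redirects else "no-https-upgrade"
    if (hsts["preload"] and hsts["include_subdomains"]
            and hsts["max_age"] >= PRELOAD_MIN_AGE):
        return "preload-eligible"  # covered from the first visit once listed
    return "strippable-first-visit"  # covered only after one clean HTTPS visit

# Constructed sample responses; hostnames are placeholders, not real sites.
REDIRECT_ONLY = ((301, {"location": "https://mixer.example/"}), (200, {}))
HSTS_SHORT = ((301, {"location": "https://shop.example/"}),
              (200, {"strict-transport-security": "max-age=86400"}))
HSTS_PRELOAD = ((301, {"location": "https://wallet.example/"}),
                (200, {"strict-transport-security":
                       "max-age=63072000; includeSubDomains; preload"}))
```

A result of `preload-eligible` only means the header meets the preload list's requirements; the domain still has to be submitted and listed before first visits are covered.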
This year, hackers managed to take control of 24% of the exit nodes in Tor. By May, their number had reached 380, a figure significantly higher than those of the last five years. Although "man-in-the-middle" (MITM) attacks are nothing new, the expert was surprised by the scale of this one.
On June 21, Tor administrators removed the malicious nodes, but attackers still control more than 10% of the exit nodes. It is therefore highly likely that the attacks can resume. To solve this problem, the researcher suggested temporarily limiting the number of exit nodes or working only with verified node operators. Verification would require passing email address verification or specifying the actual network address.
Recall that last year hackers distributed a fake version of the Tor Browser containing malware to steal bitcoins.