Announcement

Collapse
No announcement yet.

A new security threat

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    A new security threat

    https://www.bleepingcomputer.com/new...ize-tor-users/

    Ultrasounds emitted by ads or JavaScript code hidden on a page accessed through the Tor Browser can deanonymize Tor users by making nearby phones or computers send identity beacons back to advertisers, data which contains sensitive information that state-sponsored actors can easily obtain via a subpoena.
    ...
    Ultrasounds can be reliably used to deanonymize Tor users

    Speaking at last week's 33rd Chaos Communication Congress, Vasilios Mavroudis, one of the six researchers, detailed a deanonymization attack on Tor users that leaks their real IP and a few other details.
    The attack that the research team put together relies on tricking a Tor user into accessing a web page that contains ads that emit ultrasounds or accessing a page that contains hidden JavaScript code that forces the browser to emit the ultrasounds via the HTML5 Audio API.
    If the Tor user has his phone somewhere nearby and if certain types of apps are on his phone, then his mobile device will ping back one or more advertisers with details about his device, so the advertiser can build an advertising profile on the user, linking his computer with his phone.

    ...
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    So, then, silence really is golden. Mute your speakers if using Tor, or better yet, don't use Tor.
    Windows no longer obstructs my view.
    Using Kubuntu Linux since March 23, 2007.
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes

    Comment


      #3
      Soooo, what is reading the "signal"? I would say maybe built in mic or head-set? I don't have those so would this even be a concern?

      Comment


        #4
        If you have a smartphone with an active mic, or an IoT device with a mic you are vulnerable


        Sent from my iPhone using Tapatalk
        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
        – John F. Kennedy, February 26, 1962.

        Comment


          #5
          I've worked network security for a long time and this is the first I've ever heard of something like this. Now, that's not to say it's not real, but it does seem like an odd way to hack someone. Somewhat convoluted as well.

          Comment


            #6
            Originally posted by megosdog View Post
            I've worked network security for a long time and this is the first I've ever heard of something like this. Now, that's not to say it's not real, but it does seem like an odd way to hack someone. Somewhat convoluted as well.
            Not odd at all. Just another technical attack.

            IoT and active Bluetooth devices respond to ultrasound commands and also, because of their connection to the web, are able to send info back to the perp, or gov agent. Most IoT device users do not even bother to change the default admin name and password, even if they know how, rendering IoT "security" of no use at all. Imaging someone telling the IoT chip in your refrigerator to set the temp above 42F, so that your food spoils while you are at work. Or, your IoT thermostat is told to turn off so that your home or apt cools to below freezing and your water pipes break. Or, your IoT controlled door locks are unlocked using ultrasound commands. Or, your garage door is opened up and gets ransacked. How many people lock the door which is inside the garage which opens to the interior of their home? Open the garage door and you've opened a LOT of people's homes.
            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
            – John F. Kennedy, February 26, 1962.

            Comment


              #7
              Hmm, makes sense I guess. Although around here that kind of tech isn't in much use at all. Then again we're farmer heavy, and save for a select few, most around here are rather old school in their thinking and appliances, or really anything. lol Probably why I haven't heard more on this kind of stuff.

              Comment


                #8
                Most people don't bother to learn all the capabilities (IF they understand them) of devices they buy. How many purchased some models of VIZIO TV and were not aware of the fact that their activities can be monitored by them by the default settings, and how many know how to turn that monitoring off, if it even works?
                "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                – John F. Kennedy, February 26, 1962.

                Comment

                Working...
                X