Astonishing flaw in Tor’s anonymous communication system


We are Segment – TorMoil 2017
#wearesegment #TorMoil
October 31st, 2017

The anonymity of Tor’s users has been violated. The most widespread anonymous communication tool for those fighting against censorship is at risk.

Press release n°1/2017 by We are Segment

Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in IT security, has recently discovered a flaw in a component of the international anonymous communication system The Onion Router, known as Tor Browser.

Specifically, he identified a vulnerability within the software, which he afterwards named TorMoil, that allows third parties to discover users’ identities, undermining the advantages of Tor’s system. This flaw affects macOS and Linux users only.

Filippo’s discovery highlights an issue of worrisome proportions because it involves millions of users, and both ethical and unethical activities, that benefit from the Tor system.

The network was created to allow users to exercise their right to anonymity on the Internet, without being tracked down through their computer’s or device’s IP address.

At the moment, this anonymous communication system is considered one of the safest and most stable in the world. That’s why it represents the standard for online anonymity.

Alerting Tor’s IT staff about the flaw was an ethical choice. Nevertheless, sharing this information with the community after the bug has been fixed cannot be taken for granted.

Our behaviour follows the principles of so-called responsible disclosure, which means:

  • giving a warning about a security issue to the software provider,
  • once the bug has been fixed, the news can be made public.

Considering the gravity of the situation and the severity of the implications, the Italian company has chosen to inform the world that unaware users could be in danger unless they update their Tor software quickly.

«Anonymity damage is an issue that should not be underestimated within Tor’s communication system: as a matter of fact, it endangers all individuals who entrust Tor to protect their identity and, in some cases, it means putting one’s own life at risk.

Think about journalists who, thanks to this tool, can escape governmental restrictions to exercise their freedom of speech.

This kind of vulnerability represents a weapon that, depending on the purpose, might favour on one hand, lawful or ethical interests, and on the other, unlawful ones.

This is why my company decided to share this information only after the issue has been fixed.

Our choice was purely based on ethics, and is consistent with the moral code of our firm. As a company, our first aim is to maximize the profit, but we never forget ethics. That’s why we are ethical hackers.» – says Filippo Cavallarin, We are Segment CEO.

We are Segment

We are Segment, a cybersecurity company rooted in the hacking world and a subsidiary of the Interlogica group, provides prevention and protection against IT attacks, together with dedicated services to secure business networks.

We are Segment Press Office

Riccardo Petrantoni | +39 3398253902 | press@wearesegment.com | www.wearesegment.com