A cybersecurity specialist working under the pseudonym nusenu has discovered a vulnerability affecting users of the privacy-focused Tor browser.
Attackers who take control of Tor exit nodes get a chance to steal bitcoins. The Tor browser increases the anonymity of users on the network by hiding their IP addresses: traffic is encrypted using “onion routing” and passed through multiple intermediate nodes. According to nusenu, the main threat comes from the operators of the exit nodes, who can see the real destination of user requests.
To gain complete control over unencrypted HTTP traffic, the attackers selectively remove HTTP-to-HTTPS redirects. They pay special attention to requests for bitcoin mixers and other cryptocurrency-related sites. By controlling the exit nodes, they can strip the encryption from connections to such sites and view and track user data. This lets them change Bitcoin addresses in HTTP traffic and redirect transactions to their own wallets.
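As an added example (not from the article or from nusenu's research), here is the check a site operator or monitoring probe could run over a plain-HTTP fetch of a site that is known to redirect to HTTPS: a missing redirect indicates the exit node may be stripping it, and any payment address in the plaintext body that differs from the one the site publishes over HTTPS points to address rewriting. The responses and addresses below are constructed samples.

```python
import re
from dataclasses import dataclass, field

# Constructed HTTP response, standing in for what a probe would receive
# through a Tor exit when it requests http://<mixer-site>/ (not real traffic).
@dataclass
class HttpResponse:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

# Legacy (P2PKH/P2SH) bitcoin address pattern: base58 alphabet, no 0/O/I/l.
BTC_ADDR_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")

def check_exit_response(resp: HttpResponse, reference_addrs: set) -> list:
    """Return findings for a plain-HTTP fetch of a site that should redirect
    to HTTPS. reference_addrs holds the payment addresses the site publishes,
    obtained out of band (e.g. over HTTPS on a trusted path)."""
    findings = []
    if resp.status in (301, 302, 307, 308):
        location = resp.headers.get("Location", "")
        if not location.lower().startswith("https://"):
            findings.append(f"redirect does not lead to https: {location!r}")
        return findings
    # No redirect at all: the exit may have removed the HTTP->HTTPS redirect.
    findings.append(f"expected HTTPS redirect, got HTTP {resp.status} in plaintext")
    # Any address served in plaintext that the site does not publish is suspect.
    for addr in sorted(set(BTC_ADDR_RE.findall(resp.body))):
        if addr not in reference_addrs:
            findings.append(f"unexpected bitcoin address in plaintext body: {addr}")
    return findings

# Constructed addresses (not real wallets); built so they match the pattern.
REFERENCE_ADDR = "1MixerRefAddress" + "A" * 18
ROGUE_ADDR = "1AttackerRewroteAddr" + "B" * 14

# What a clean exit returns: the site's normal redirect to HTTPS.
LEGIT_RESPONSE = HttpResponse(301, {"Location": "https://mixer.example/"})
# What a stripping exit returns: the page itself, with the address swapped.
STRIPPED_RESPONSE = HttpResponse(
    200, {"Content-Type": "text/html"},
    f"<p>Send your coins to {ROGUE_ADDR}.</p>")

if __name__ == "__main__":
    for name, resp in (("legit", LEGIT_RESPONSE), ("stripped", STRIPPED_RESPONSE)):
        print(name, check_exit_response(resp, {REFERENCE_ADDR}) or ["ok"])
```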
This year, attackers managed to take control of 24% of Tor exit nodes. By May their number had reached 380, far more than at any point in the last five years. Although man-in-the-middle (MITM) attacks are nothing new, the researcher was surprised by the scale of the operation.
On June 21, Tor administrators removed the malicious nodes, but attackers still control more than 10% of exit nodes, so the attacks are likely to resume. To address the problem, the researcher suggested temporarily limiting the number of exit nodes, or accepting only vetted node operators; this would require verifying operators' email addresses or their actual network address.
As a reminder, last year attackers distributed a fake version of the Tor browser containing malware designed to steal bitcoins.