Feature #7072

Research potential for deanonymization by a compromised "amnesia" user

Added by intrigeri over 5 years ago. Updated over 1 year ago.

Status: Confirmed
Priority: Elevated
Assignee:
Category: -
Target version: -
Start date: 06/04/2018
Due date:
% Done: 0%
Feature Branch:
Type of work: Security Audit
Blueprint:
Starter: No
Affected tool:

Description

We already deny access to the Tor control port from the "amnesia" user. Still, there are possibly other ways, for a compromised "amnesia" user, to deanonymize the Tails user, e.g.:

  • taking control of Vidalia (that is running as a dedicated user, but inside an X session controlled by the "amnesia" one), and using its access to the Tor control port; e.g. a selection of bridges picked by the attacker is probably enough to deanonymize the user.
  • using NetworkManager, e.g. to get a list of Wi-Fi access points around
  • more?

Subtasks

Bug #15635: The Unsafe Browser allows to retrieve the public IP address by a compromised amnesia user with no user interaction Confirmed


Related issues

Related to Tails - Feature #6549: Prevent MAC address leak for non-root users Confirmed 12/29/2013
Related to Tails - Bug #9366: Is user separation enough to hide Tor state from Vidalia? Resolved 05/09/2015
Duplicated by Tails - Feature #5505: investigate deanonymization potential by the desktop user Duplicate

History

#1 Updated by intrigeri over 5 years ago

  • Description updated (diff)
  • Priority changed from Normal to Elevated

#2 Updated by intrigeri over 5 years ago

  • Duplicated by Feature #5505: investigate deanonymization potential by the desktop user added

#3 Updated by intrigeri over 5 years ago

  • Related to Feature #6549: Prevent MAC address leak for non-root users added

#4 Updated by sajolida about 5 years ago

  • Target version set to Hardening_M1

#5 Updated by intrigeri over 4 years ago

  • Related to Bug #9366: Is user separation enough to hide Tor state from Vidalia? added

#6 Updated by sajolida over 4 years ago

  • Assignee set to jvoisin

#7 Updated by sajolida over 4 years ago

  • Target version changed from Hardening_M1 to 2016

#8 Updated by flapflap almost 4 years ago

A compromised amnesia user can execute /sbin/ifconfig or netstat -ie and get the current IP and MAC addresses.

#9 Updated by Dr_Whax over 3 years ago

  • Target version changed from 2016 to 2017

#10 Updated by intrigeri over 3 years ago

jvoisin: during the roadmap discussion at the summit, we did not know what your take on it was. If you're still up to working on it e.g. in 2017, we can keep it on our roadmap. Otherwise, just let me know and I'll kick it out of the roadmap.

#11 Updated by BitingBird over 2 years ago

  • Target version deleted (2017)

#12 Updated by BitingBird over 2 years ago

  • Type of work changed from Research to Security Audit

#13 Updated by BitingBird over 2 years ago

  • Target version set to 2018

#14 Updated by intrigeri about 2 years ago

  • Target version deleted (2018)

(as per updated roadmap)

#15 Updated by cypherpunks over 1 year ago

I opened #15635 with a PoC utilizing X11 and the Unsafe Browser. I also think there's a rather big risk to allowing unrestricted access to RFC 1918 (local) addresses, since router vulnerabilities that require an attacker positioned on the LAN are absolutely ubiquitous and access to the router itself can fully deanonymize a Tails user.

#16 Updated by intrigeri over 1 year ago

  • Related to Bug #15635: The Unsafe Browser allows to retrieve the public IP address by a compromised amnesia user with no user interaction added
