Submitted via IRC for TheMightyBuzzard
Digital Rights Management (DRM)-protected media files can be used to reveal Tor Browser users' actual IP address and therefore possibly reveal their identity, HackerHouse researchers have demonstrated.
[...] Attackers who want to uncloak Windows users can encode a file and make it so that the authorization URL points to a page controlled by the attackers.
But, if they want the downloading and opening of the file to be performed without a security alert and the target having to approve the action, they must make sure that the DRM license has been signed correctly, and the Digital Signature Object, Content Encryption Object and Extended Content Encryption Object contain the appropriate cryptographic signing performed by an authorised Microsoft License Server profile.
"The objects are used with a Microsoft license server, configured via a DRM profile, when encoding objects using an SDK," the researchers explained.
[...] The researchers made sure to point out that this attack is limited to Windows users who run Tor Browser, and that it does not take advantage of a vulnerability in the actual browser. "TorBrowser does warn you that 3rd party files can expose your IP address and should be accessed in Tails," they noted.
Source: https://www.helpnetsecurity.com/2017/02/03/uncloaking-tor-browser-users-drm-protected-files/
(Score: 2, Interesting) by Burz on Sunday February 05 2017, @10:07PM
The basic issue is that no media-handling software is going to be solid enough to avoid exploits, so on operating systems like Qubes these complex 'client' programs are run in their own separate VMs. The uplink is controlled so the only way out is through another VM that runs Tor itself.