Feature #7072
Research potential for deanonymization by a compromised "amnesia" user
0%
Description
We already deny access to the Tor control port from the “amnesia” user. Still, there are possibly other ways, for a compromised “amnesia” user, to deanonymize the Tails user, e.g.:
- taking control of Vidalia (that is running as a dedicated user, but inside an X session controlled by the “amnesia” one), and using its access to the Tor control port; e.g. a selection of bridges picked by the attacker is probably enough to deanonymize the user.
- using NetworkManager, e.g. to get a list of Wi-Fi access points around
- more?
Subtasks
Bug #15635: The Unsafe Browser allows to retrieve the public IP address by a compromised amnesia user with no user interaction | Confirmed | 0 |
Related issues
Related to Tails - Feature #6549: Prevent MAC address leak for non-root users | Confirmed | 2013-12-29 | |
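Related to Tails - Bug #9366: Is user separation enough to hide Tor state from Vidalia? | Resolved | 2015-05-09 | |
Has duplicate Tails - Feature #5505: investigate deanonymization potential by the desktop user | Duplicate |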
History
#1 Updated by intrigeri 2014-04-17 10:30:13
- Description updated
- Priority changed from Normal to Elevated
#2 Updated by intrigeri 2014-04-17 10:30:30
- has duplicate Feature #5505: investigate deanonymization potential by the desktop user added
#3 Updated by intrigeri 2014-06-21 14:05:08
- related to Feature #6549: Prevent MAC address leak for non-root users added
#4 Updated by sajolida 2014-11-05 11:28:39
- Target version set to Hardening_M1
#5 Updated by intrigeri 2015-05-14 10:20:07
- related to Bug #9366: Is user separation enough to hide Tor state from Vidalia? added
#6 Updated by sajolida 2015-08-14 12:05:50
- Assignee set to jvoisin
#7 Updated by sajolida 2015-09-10 11:59:24
- Target version changed from Hardening_M1 to 2016
#8 Updated by flapflap 2015-12-29 14:55:09
A compromised amnesia user can execute /sbin/ifconfig or netstat -ie and get the current IP and MAC addresses.
#9 Updated by Dr_Whax 2016-08-20 13:12:18
- Target version changed from 2016 to 2017
#10 Updated by intrigeri 2016-08-27 10:50:52
jvoisin: during the roadmap discussion at the summit, we did not know what your take on it was. If you’re still up for working on it e.g. in 2017, we can keep it on our roadmap. Otherwise, just let me know and I’ll kick it out of the roadmap.
#11 Updated by BitingBird 2017-08-28 20:12:23
- Target version deleted (2017)
#12 Updated by BitingBird 2017-08-28 20:13:04
- Type of work changed from Research to Security Audit
#13 Updated by BitingBird 2017-08-28 20:13:47
- Target version set to 2018
#15 Updated by cypherpunks 2018-06-04 04:14:06
I opened Bug #15635 with a PoC utilizing X11 and the Unsafe Browser. I also think there’s a rather big risk to allowing unrestricted access to RFC 1918 (local) addresses, since router vulnerabilities that require an attacker positioned on the LAN are absolutely ubiquitous and access to the router itself can fully deanonymize a Tails user.
#16 Updated by intrigeri 2018-06-10 17:05:32
- related to Bug #15635: The Unsafe Browser allows to retrieve the public IP address by a compromised amnesia user with no user interaction added