[tbb-bugs] #18702 [Tor Browser]: Downloaded files integrity

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 1 09:30:19 UTC 2016

#18702: Downloaded files integrity
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |   Reviewer:
      Sponsor:               |
 Malicious exit nodes can modify downloaded files in the way they will
 cause malicious activity. For example, they can add malware to executables
 or embed exploit into PDFs. Most of binaries in the Web are non-signed and
 downloaded via http. Even if they were signed, there is no way for a Tor
 user to know that they were signed prior malicious modification removing
 any trace of a signature.

 So we need a bot downloading different binaries via different exit nodes
 and non-torified connections, comparing the results and blacklisting
 malicious exit nodes.

 Naive implementation is vulnerable to the attack: a malicious website can
 give a randomized binary to victim exit nodes causing them to be
 blacklisted. Malicious CDNs or NSA hardware in main ISPs can be much more
 dangerous and stealthy.

 Maybe we should ship a db of hashes of popular binaries (programs, pdfs,
 etc) and check their integrity?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18702>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list