Tor team has been working hard to stop FBI from hacking the Onion browser and track users — The team is now gearing up to create a hardened version of the Browser!
There has been a fair share of work done to decrypt the Tor browser and any of its users who might be connected to illegal activities. The FBI has been largely involved in most of the acts over the past few years. The Tor browser network is widely lauded as the safest tool when it comes to online privacy, but in recent court cases that have been presented to the public, there seems to be a viable government malware that is capable of exploiting existing bugs in the Firefox browser. The exploit, it turns out was provided to the government back in 2015 by the researchers over at the Carnegie Mellon University.
However, a new paper shows that concerned security researchers determined to create an impenetrable browser, are now working in conjunction with the Tor Project developers to create a hardened version of the Browser. In this new and improved Tor Browser, they are aiming to create; they want to include nee anti-hacking techniques which would drastically improve the anonymity and security of users and also in a way frustrate attempts by the government to decrypt information.
One of the techniques that the security researchers are specifically researching is the Selfrando technique. The technique was made to protect against any browser exploits such as the one that has been shown to be done by the FBI.
The code would be used to counteract what the security researchers call the ‘code reuse’ exploits. In this case, attackers usually exploit the memory leak in reusing the code libraries instead of injecting new malicious codes in the network. They use libraries that are already inside the browser and therefore building malware by rearranging the things contained in the application’s memory.
Attackers in such cases need to know where all the certain functions they are aiming for are located within the application memory space. However, the current security mechanisms in the browsers only randomize locations of the code libraries and not the individual functions as expected. This is where the Selfrando technique comes into play, and therefore creates an internal code which will be very hard to exploit.
In the paper (Pdf) that they wrote, the researchers said that their solution would significantly improve the security over the standard address space layout randomization. These are the techniques which are currently employed by the Firefox browser and many mainstream browsers. Thy plans to present the plan to their findings at the Privacy Enhancing Technologies Symposium in Darmstadt, Germany in July. They also wrote that the Tor Project had accepted to include their technique into the hardened releases of the new Tor Browser.
So with this news, it means that the law enforcement agencies are going to have a tough time hacking into any of the information that will be in the browser. Agencies such as the FBI already complain that they don’t have enough resources to take down terrorists and criminals on the browser are about to get another thing coming their way.
The move by the researchers shows that some people in the security field are still intent on getting the general public some privacy no matter who it affects.