Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

[real ip disclosure] Security warning: Orweb Tor Browser

OP xordern

31st May 2014, 10:03 PM   |  #1  
OP Junior Member
Flag Southern Germany
Thanks Meter: 2
 
6 posts
Join Date:Joined: May 2009
The Orweb Tor Browser from the Guardianproject has a really serious security flaw. The actual ip of an user can be determined by using HTML5 video or audio elements, despite the user is connected via the TOR connection.



The problem is the underlying WebView component which doesn't handle proxy settings correctly. There's also a blog post from August 21st, 2013 on this problem. Nevertheless, the browser with over 1 million installations is still available in the PlayStore and might be widely used. The developers offer an alternative solution with the Firefox Addon proxy mobile that isn't affected by this bug.

More details are available at Why you really shouldn't use Orweb anymore.
Quick-Check (to be accessed from Orweb): http://xordern.net/checkip

The ip leakage can be reproduced with at least Android 2.3.5, Android 4.1.2 and Android 4.3.
The Following 2 Users Say Thank You to xordern For This Useful Post: [ View ]
Post Reply Subscribe to Thread

Tags
flaw, leakage, orbot, orweb, tor
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes