FORUMS

[real ip disclosure] Security warning: Orweb Tor Browser

6 posts
Thanks Meter: 2
 
By xordern, Junior Member on 31st May 2014, 09:03 PM
Post Reply Subscribe to Thread Email Thread
The Orweb Tor Browser from the Guardianproject has a really serious security flaw. The actual ip of an user can be determined by using HTML5 video or audio elements, despite the user is connected via the TOR connection.



The problem is the underlying WebView component which doesn't handle proxy settings correctly. There's also a blog post from August 21st, 2013 on this problem. Nevertheless, the browser with over 1 million installations is still available in the PlayStore and might be widely used. The developers offer an alternative solution with the Firefox Addon proxy mobile that isn't affected by this bug.

More details are available at Why you really shouldn't use Orweb anymore.
Quick-Check (to be accessed from Orweb): http://xordern.net/checkip

The ip leakage can be reproduced with at least Android 2.3.5, Android 4.1.2 and Android 4.3.
The Following 2 Users Say Thank You to xordern For This Useful Post: [ View ]
 
 
Post Reply Subscribe to Thread

Tags
flaw, leakage, orbot, orweb, tor
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes