Researcher Discovered Two Zero-Days on Tor, but There Are More

Last updated September 23, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

According to reports by security researcher Dr. Neal Krawetz, the Tor Project’s security situation is derailing, and the team behind the popular privacy-protecting browser and network aren’t rising to the occasion. As the man stated, he has already shared the details about two zero-day flaws with the Tor team, but they have done nothing about them.

Moreover, he claims to already hold another three zero-days, which he won’t reveal just yet. This is to allow the Tor Project the time to fix the other two first, as his goal isn’t to put people’s privacy and security at risk.

The researcher reveals that he has reported the flaws to the Tor Project, shared proof of concept exploits, log files, detailed descriptions, examples, and additional explanations. However, the people behind Tor’s development responded by closing the bugs as “known issues,” “informative,” or “brainstormy and researchy.”

These are bugs reported over two years ago and which the Tor Project closed, essentially ignoring the reports. So, the man has decided to open the tap of publicity and release detailed examples of two of the five zero-days he holds, hoping that Tor will do something about them now.

The first flaw describes how ISPs could block Tor users from connecting to the Onion network. It could be based on the identification of network data packet signatures that are characteristic to Tor nodes. The second zero-day was revealed in a follow-up post, giving away enough technical details for its replication and exploitation.

That second flaw describes a way to block Tor bridge relay connections by identifying obfs4 traffic. Bridges are an alternative method of connecting to the Tor network, so the two zero-days combined would allow someone to enforce Tor policies and prevent all ways of connecting to the net privately.

obfs4 IP

Source: The Hacker Factor Blog

As for the three undisclosed flaws, these are even worse, as the researcher said they could be used to reveal the user’s real IP address, de-anonymize Tor servers, and compromise the network in the worst possible way.

Back in April, Tor was forced to lay off 37% of its development team, as the pandemic had severely trimmed the donations and contributions the project received. That said, the Tor Project is already in a dire position - and the zero-day reports that surface are only increasing the rate of trust loss from the user community.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: