Movatterモバイル変換

[0]ホーム
URL:

Skip to content
DEV Community
Log in Create account

DEV Community

Cover image for Millions of Phones Leaking Information Via Tor
Paulo Renato
Paulo Renato

Posted on

     

Millions of Phones Leaking Information Via Tor

Inthis article we can read that researchers Adam Podgorski and Milind Bhargava, from Deloitte Canada, have setup severalTOR exit nodes just to see what they could find, and they claim that 30% of all Android devices, and 5% of iOS devices, are transmitting data that could be used to build a strong profile of an individual.

TLDR

The data being collected

In a series of demonstrations, including live dashboards shown by Bhargava, the researchers showed what data they had collected from mobile users that were inadvertently using Tor. The data included GPS coordinates, web addresses, phone numbers, keystrokes and other PII.

How did the researchers collected the data

Bhargava explained that the exit nodes the researchers set up intentionally attempted to force browsers to not use encrypted versions of websites, forcing the devices to regular HTTP when possible. With data coming to the exit node without encryption, it was possible for the researchers to see the user data. Bhargava noted that for sites that force HTTPS encryption and do not offer any fallback option to regular un-encrypted HTTP, they wouldn’t be able to see the users data.

Are you sure that TOR is not installed in your device?

Also of note, Bhargava admitted that he found his own phone number in the data, which was a surprise to him, as he had not installed Tor on his device. The only applications on his phone were applications installed by the carrier.

Lets's Discuss

This bit of the article is what worries me the most:

What the researchers determined is that Tor is being bundled, embedded and installed in other applications and users are not aware of its existence. It was not entirely clear to the researchers why Tor was being bundled with so many applications. Podgorski said that it could be due to a misunderstanding of the technology and how it can be used.

In your opinion is TOR being bundled and used in the mobiles devices to track us secretly, or do you think that the developers just misunderstood the TOR technology and how it should be used?

Please leave your opinion in the comments.

Top comments(0)

Subscribe
pic
Create template

Templates let you quickly answer FAQs or store snippets for re-use.

Dismiss

Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment'spermalink.

For further actions, you may consider blocking this person and/orreporting abuse

I am a Developer Advocate for Security in Mobile Apps and APIs at approov.io.Another passion is the Elixir programming language that was designed to be concurrent, distributed and fault tolerant.
  • Location
    Scotland
  • Education
    Self teached Developer
  • Work
    Developer Advocate for Mobile and API Security at approov.io
  • Joined

More fromPaulo Renato

DEV Community

We're a place where coders share, stay up-to-date and grow their careers.

Log in Create account
[8]ページ先頭
©2009-2025 Movatter.jp