Jump to content

Microsoft’s own DRM can expose Tor users’ IP address on Windows


steven36

Recommended Posts

Anonymity is critical for the sanctity of the internet and, as it turns out, it could be endangered by Microsoft, thereby putting Windows users at severe risk. It has been discovered that Windows users running the Tor browser can unwittingly reveal their masked identities. This is achieved by exploiting a relatively simple loophole enabled by Microsoft’s own DRM system.

 

CJyUymA.jpg

 

Windows users running the Tor browser can be tricked into uncloaking themselves, with a pretty straightforward trick based on Microsoft's DRM system.

The discovery was made by Hacker House, which says it's been researching social engineering attacks made using DRM-protected content.

What the UK-based security outfit found is that a pretty straightforward bit of social engineering – “click on this media file” – can, at the very least, reveal the user's real IP address.

 

 

Here's what's going on: DRM-protected media has to fetch its licence key from a server. If it's not signed properly, Windows raises a dialogue to warn you.

 

 

“However, this warning DOES NOT appear if the DRM license has been signed correctly and the Digital Signature Object, Content Encryption Object and Extended Content Encryption Object contain the appropriate cryptographic signing performed by an authorised Microsoft License Server profile”, the author writes.

 

 

yAl6uSi.jpg

 

Microsoft sets high barriers to entry for those who want to start signing media: “If you want to build your own Microsoft DRM signing solution the price-tag is around US$10,000,” Hacker House notes.

What they've seen in the wild is someone managing to generate signed content, apparently without paying that toll.

 

 

“As these “signed WMV” files do not present any alert to a user before opening them they can be used quite effectively to decloak users of the popular privacy tool TorBrowser with very little warning”, they write.

The risk that media files could expose users is known to Tor, which warns users to run Tails if they want to run media files.

 

 

It's not the first time people have seen social engineering attacks based on media files: the old “you need a plug-in to play this file” strategy had a Windows DRM variant back in 2013, according to Virus Total.

 

By Richard Chirgwin

https://www.theregister.co.uk/2017/02/06/microsoft_drm_and_tor/

 

 

 

Link to comment
Share on other sites


  • Views 415
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...