DEV Community

Paulo Renato

Millions of Phones Leaking Information Via Tor

In this article we can read that researchers Adam Podgorski and Milind Bhargava, from Deloitte Canada, have set up several TOR exit nodes just to see what they could find, and they claim that 30% of all Android devices, and 5% of iOS devices, are transmitting data that could be used to build a strong profile of an individual.

TLDR

The data being collected

In a series of demonstrations, including live dashboards shown by Bhargava, the researchers showed what data they had collected from mobile users that were inadvertently using Tor. The data included GPS coordinates, web addresses, phone numbers, keystrokes and other PII.

How did the researchers collect the data

Bhargava explained that the exit nodes the researchers set up intentionally attempted to force browsers to not use encrypted versions of websites, forcing the devices to regular HTTP when possible. With data coming to the exit node without encryption, it was possible for the researchers to see the user data. Bhargava noted that for sites that force HTTPS encryption and do not offer any fallback option to regular un-encrypted HTTP, they wouldn’t be able to see the users' data.
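
The point above, that only sites with no plain-HTTP fallback stayed unreadable at the exit node, can be checked from the server side. The following Python audit is an added example, not code from the researchers or from the original article; the response records, the host name and the 180-day threshold are constructed assumptions.

```python
# Added example: audit constructed responses for a plain-HTTP fallback.
MIN_MAX_AGE = 15552000  # 180 days; assumed policy threshold, not from the article

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into its RFC 6797 directives."""
    policy = {"max_age": None, "include_subdomains": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        digits = arg.strip().strip('"')
        if name == "max-age" and policy["max_age"] is None and digits.isdigit():
            policy["max_age"] = int(digits)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def audit(http_resp, https_resp):
    """Return downgrade findings for one host from its HTTP and HTTPS responses."""
    findings = []
    plain = {k.lower(): v for k, v in http_resp["headers"].items()}
    redirect = http_resp["status"] in (301, 302, 307, 308)
    if not (redirect and plain.get("location", "").lower().startswith("https://")):
        findings.append("content served over plain HTTP")
    tls = {k.lower(): v for k, v in https_resp["headers"].items()}
    hsts = parse_hsts(tls.get("strict-transport-security", ""))
    if not hsts["max_age"]:  # header missing, unparsable, or max-age=0
        findings.append("no HSTS policy")
    elif hsts["max_age"] < MIN_MAX_AGE:
        findings.append("HSTS max-age below threshold")
    for cookie in https_resp.get("cookies", []):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append("cookie without Secure: " + cookie.split("=")[0])
    return findings

# Constructed sample responses (hypothetical host, not captured traffic).
WEAK_HTTP = {"status": 200, "headers": {"Content-Type": "text/html"}}
WEAK_HTTPS = {"status": 200, "headers": {}, "cookies": ["sid=abc123; Path=/; HttpOnly"]}
STRONG_HTTP = {"status": 301, "headers": {"Location": "https://app.example/"}}
STRONG_HTTPS = {
    "status": 200,
    "headers": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
    "cookies": ["sid=abc123; Path=/; Secure; HttpOnly"],
}

if __name__ == "__main__":
    for name, pair in (("weak", (WEAK_HTTP, WEAK_HTTPS)), ("strong", (STRONG_HTTP, STRONG_HTTPS))):
        print(name, audit(*pair) or "no findings")
```

A host that redirects to HTTPS but sends no HSTS header still gets a finding, because the first plain-HTTP request and its redirect travel unprotected through the exit node.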

Are you sure that TOR is not installed in your device?

Also of note, Bhargava admitted that he found his own phone number in the data, which was a surprise to him, as he had not installed Tor on his device. The only applications on his phone were applications installed by the carrier.

Let's Discuss

This bit of the article is what worries me the most:

What the researchers determined is that Tor is being bundled, embedded and installed in other applications and users are not aware of its existence. It was not entirely clear to the researchers why Tor was being bundled with so many applications. Podgorski said that it could be due to a misunderstanding of the technology and how it can be used.

In your opinion, is TOR being bundled and used in mobile devices to track us secretly, or do you think that the developers just misunderstood the TOR technology and how it should be used?

Please leave your opinion in the comments.
