Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Microsoft Windows DRM issue could be exploited to uncloak Tor Browser users

HackerHouse researchers have discovered that media content protected by Digital Rights Management (DRM) can be used to uncloak Windows Tor Browser users. The anonymity of the Tor users is threatened by a new issue related the Microsoft’s DRM. Windows users running the Tor browser can be de-anonymized with a trick based on the Microsoft DRM (Digital Rights […]

Microsoft Windows DRM issue could be exploited to uncloak Tor Browser users

HackerHouse researchers have discovered that media content protected by Digital Rights Management (DRM) can be used to uncloak Windows Tor Browser users.

The anonymity of the Tor users is threatened by a new issue related the Microsoft’s DRM. Windows users running the Tor browser can be de-anonymized with a trick based on the Microsoft DRM (Digital Rights Management) mechanism.

The discovery was made by researchers at Hacker House while they were conducting a study on social engineering attacks made by using a content protected with DRM.

Tor users can be unmasked by clicking on a media file revealing the user’s real IP address.

“DRM is a licensing technology that attempts to prevent unauthorised distribution and restrictive use of a media file. It works by encrypting the video and audio streams with an encryption key and requesting a license (decryption key) from a network server when the file is accessed. As it requires network connectivity it can cause users to make network requests without consent when opening a media file such as a video file or audio file. WMV is using Microsoft Advanced Systems Format (ASF) to store audio and video as objects. This file format consists of objects that are labelled by GUID and packed together to make a media package.” reads the analysis published on myhackerhouse.com.

Simplifying the problem, DRM-protected content has to fetch a license key from a server in order to be displayed. Windows raises a dialogue to the user is the content If isn’t signed properly.

Windows DRM Tor

“However, this warning DOES NOT appear if the DRM license has been signed correctly and the Digital Signature Object, Content Encryption Object and Extended Content Encryption Object contain the appropriate cryptographic signing performed by an authorised Microsoft License Server profile”

Windows DRM Tor

Researchers at Hacker House highlighted that Microsoft requests an expensive fee to users that want to sign media.

“DRM is expensive business and unless you use the SDK to develop your own application you will likely need to make use of a license provider to encrypt your WMV files using these tools and also for signing purposes. If you want to build your own Microsoft DRM signing solution the price-tag is around $10,000.” states Hacker House.

The experts have discovered online serviced managing to generate signed content avoiding a so expensive payment. These Windows DRM providers that could be used to sign user media can decloak Tor users.

“There are several free DRM providers who could sign your media for you however as the barrier to entry to the DRM market is the aforementioned price tag, it makes you wonder how these files are being signed in the wild!” continues the analysis.

“As these “signed WMV” files do not present any alert to a user before opening them they can be used quite effectively to decloak users of the popular privacy tool TorBrowser with very little warning”, they write.

Experts at the Tor Project are aware of the possibility that hackers track Windows Tor users leveraging on Windows DRM issue. They invite users to run Tails if they need to run media files.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Windows DRM, Tor)