Unencrypted Traffic in the Tor Network Exposes Sensitive Data

Security researchers Adam Podgorski and Milind Bhargava have developed a method to profile users of the anonymous Tor network by collecting and analyzing data from Tor exit nodes. According to the researchers, they were able to gather information about specific mobile device owners, including GPS coordinates, web addresses, phone numbers, and keystrokes.

Podgorski and Bhargava discovered that anonymizers and the Tor network transmit unencrypted mobile traffic without users’ knowledge. The researchers determined that 95% of this traffic comes from Android devices, while 5% originates from iOS devices. The traffic was generated by mobile applications installed by device manufacturers, cellular operators, and users themselves. “We believe the source of the unencrypted traffic is the Tor code installed on these devices, and users are completely unaware of it,” Bhargava noted.

Although the Tor Project offers its own Android app called Orbot, third-party developers often use Tor functionality in their own applications. They mistakenly assume that all Tor traffic is either encrypted or anonymous by default. Many do not understand how Tor works and believe it can encrypt unencrypted HTTP traffic.
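
An added illustration of the misconception described above (not code from the researchers or the Tor Project): Tor encrypts traffic only inside the network, so a plain `http://` request to an ordinary website is readable at the exit node. This Python example classifies an app's endpoints by what an exit relay can see; the function names and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Schemes that carry the payload in TLS end to end: the exit relay sees
# only ciphertext plus the destination host.
TLS_SCHEMES = {"https", "wss"}
# Schemes with no transport encryption of their own.
PLAINTEXT_SCHEMES = {"http", "ws", "ftp"}

# Constructed sample of endpoints an app might send through Tor.
SAMPLE_URLS = [
    "http://api.example.com/track?lat=43.65&lon=-79.38",
    "https://api.example.com/login",
    "http://exampleonionaddress.onion/feed",  # placeholder onion name
    "ws://chat.example.org/socket",
    "api.example.com/no-scheme",
]


def exit_exposure(url: str) -> str:
    """Classify what a Tor exit relay can read for a request to `url`."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"  # no scheme/host: cannot be judged, review by hand
    if host.endswith(".onion"):
        # Onion services are reached inside Tor; no exit relay is involved.
        return "no-exit"
    if parts.scheme in TLS_SCHEMES:
        return "encrypted"
    if parts.scheme in PLAINTEXT_SCHEMES:
        return "cleartext-at-exit"
    return "unknown"


def audit(urls):
    """Return the URLs whose content an exit relay could read or modify."""
    return [u for u in urls if exit_exposure(u) == "cleartext-at-exit"]


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{exit_exposure(url):18} {url}")
```
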

The researchers have not disclosed the names of the leaking applications or their developers. However, they stated that the issue affects a wide range of programs, from the most popular to little-known ones. About four months ago, Podgorski and Bhargava notified all developers of the vulnerable software about the problem, but have yet to receive any response.
