The FBI has had a fair amount of success de-anonymizing Tor users over the past few years. Despite the encryption software's well-earned reputation as one of the best tools for online privacy, recent court cases have shown that government malware has compromised Tor users by exploiting bugs in the underlying Firefox browser—one of which was controversially provided to the FBI in 2015 by academic researchers at Carnegie Mellon University.
But according to a new paper, security researchers are now working closely with the Tor Project to create a “hardened” version of the Tor Browser, implementing new anti-hacking techniques which could dramatically improve the anonymity of users and further frustrate the efforts of law enforcement.
Specifically, the researchers are currently testing “Selfrando,” a technique made to protect against browser exploits such as the one reportedly used by the FBI.
The new method is meant to counteract what's known as “code reuse” exploits, in which, rather than attempting the much harder task of injecting new malicious code, an attacker exploits a memory leak to reuse code that already exists in the browser's libraries—essentially, building malware by rearranging things that are already inside the application's memory.
To do that, an attacker generally needs to know where certain functions sit within the application's memory space. But the security mechanisms currently used by browsers only randomize the locations of whole code libraries, not of the individual functions inside them. That is where the Selfrando technique comes in: it creates a randomized layout for the application's internal code that is much harder to exploit.
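To make the difference concrete, here is an added illustration (not code from the article or from the Selfrando project) using a simplified model: a hypothetical five-function library is laid out either with library-level ASLR (random base, fixed order) or with function-level randomization (random base and the functions permuted at load time), and we count how many addresses an analyst could derive from a single leaked function pointer using the on-disk layout. The function names and sizes are constructed sample values.

```python
import random

# Constructed sample library: (function name, size in bytes). Hypothetical, not Firefox's real layout.
FUNCTIONS = [
    ("parse_header", 0x120),
    ("alloc_buffer", 0x080),
    ("decode_image", 0x400),
    ("free_buffer", 0x060),
    ("render", 0x240),
]

def layout(functions, base):
    """Place functions back to back starting at base; returns {name: address}."""
    addrs, cur = {}, base
    for name, size in functions:
        addrs[name] = cur
        cur += size
    return addrs

def random_base(rng):
    """Page-aligned base somewhere in a (simplified) 64-bit user address range."""
    return rng.randrange(0x7F0000000000, 0x7FFFFFFFF000, 0x1000)

def aslr_layout(seed):
    """Library-level ASLR: the base moves, but the order of functions inside the library is fixed."""
    rng = random.Random(seed)
    return layout(FUNCTIONS, random_base(rng))

def selfrando_layout(seed):
    """Function-level randomization (the Selfrando idea, simplified): the base moves AND the functions are shuffled at load time."""
    rng = random.Random(seed)
    base = random_base(rng)
    order = FUNCTIONS[:]
    rng.shuffle(order)
    return layout(order, base)

# What an analyst learns from the on-disk binary: the unrandomized layout (base 0).
REFERENCE = layout(FUNCTIONS, 0)

def infer_from_leak(leaked_name, leaked_addr):
    """Given one leaked function address, derive every other address by assuming the on-disk relative offsets still hold."""
    slide = leaked_addr - REFERENCE[leaked_name]
    return {name: off + slide for name, off in REFERENCE.items()}

def correctly_inferred(actual):
    """Count how many inferred addresses match the real in-memory layout after a single leak of decode_image."""
    inferred = infer_from_leak("decode_image", actual["decode_image"])
    return sum(1 for name in actual if inferred[name] == actual[name])

if __name__ == "__main__":
    for seed in range(3):
        print(seed, correctly_inferred(aslr_layout(seed)), correctly_inferred(selfrando_layout(seed)))
```

With library-level ASLR every address is recovered from one leak (5 of 5), whereas with the functions permuted only the leaked function itself is guaranteed to be known; this is why the paper argues that randomizing inside the library, not just its base, raises the bar against code-reuse exploits.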
“Our solution significantly improves security over standard address space layout randomization (ASLR) techniques currently used by Firefox and other mainstream browsers,” the researchers write in their paper, whose findings will be presented in July at the Privacy Enhancing Technologies Symposium in Darmstadt, Germany.
“The Tor Project decided to include our solution in the hardened releases of the Tor Browser, which is currently undergoing field testing.”
In practical terms, that means it's about to get harder to hack the Tor Browser, including for law enforcement agencies like the FBI, which complain they already lack the resources to develop the malware needed to catch terrorists and other serious criminals.
And while that defensive advantage may not last for too long, it shows that some in the academic research community are still intent on patching the holes that their peers are helping government hackers exploit.