A vulnerability was discovered in Toxcore that allows one to learn the IP of a target user by only knowing their Tox Id and without being friends with the target user. The Tox protocol is designed in such a way that only friends (contacts) whose friend requests you have accepted are able to learn your IP based on your Tox Id, and no one else. Thus, being able to learn the IP of an owner of a Tox Id without them accepting a friend request is undesired behavior.

This is a vulnerability in an implementation of the Tox protocol, the Toxcore library, not in the Tox protocol itself. The vulnerability affects both TokTok’s c-toxcore and irungentoo’s toxcore. It affects only the UDP mode of operation; TCP-only mode is not affected. TokTok’s c-toxcore has patched the vulnerability in version 0.2.2. irungentoo’s toxcore doesn’t have the vulnerability patched as of this moment and it’s unknown if it ever will, as it hasn’t been actively maintained for years. irungentoo’s toxcore was patched after this post was written.

The vulnerability was privately reported to us by Evgeny Kurnevsky on April 14th and publicly disclosed with our permission on April 15th, along with a patch fixing the vulnerability, made by Evgeny Kurnevsky. The vulnerability was found when Evgeny was working on the tox-rs project, a Tox implementation in Rust.

We urge everyone to update to the latest TokTok c-toxcore as soon as possible. Due to the nature of the vulnerability, using a Toxcore in which the vulnerability is patched is not enough to protect yourself. You can immediately mitigate the vulnerability for yourself by using TCP-only mode. The way the patch works is that it can’t protect you from the vulnerability, but it can and does protect other peers. So in order to be protected from the vulnerability, everyone should switch to using the patched Toxcore. The more people use the patched Toxcore, the lower the chance of being vulnerable. Note that this applies only to the UDP mode. If you use the TCP-only mode, you are fully protected, as you are not affected by the vulnerability.

Here are the technical details of the vulnerability. The vulnerability is caused by the Onion module of Toxcore erroneously allowing any data, any Tox packets, to be onion-routed without restriction. By the Tox protocol specification, when Alice makes an onion-routed request to Bob and Bob then sends an onion-routed response back to Alice, the payload of Bob’s onion-routed response arrives at Alice as it is, stripped by the last onion hop of any identification that it was ever onion-routed, and is interpreted by Alice as a regular Tox packet. Alice has no way to distinguish onion and non-onion packets: she has no idea whether the packet originated from the node she received it from, or whether it was relayed on someone else’s behalf as part of onion routing. The way onion routing is defined in the Tox specification, combined with Toxcore erroneously not restricting the packets that can be onion-routed, allows for some interesting interactions that weren’t meant to happen.
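The kind of restriction the technical details call for can be sketched as an allowlist applied by the last onion hop before it hands a payload to the path's origin. This is an added example, not the c-toxcore patch or code from the original post: the function names and size bound are hypothetical, and using the two onion response packet IDs from the Tox specification (0x84 and 0x86) as the complete allowlist is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Onion response packet IDs from the Tox specification. Using them as the
 * complete allowlist is an assumption of this example. */
#define PKT_ANNOUNCE_RESPONSE   0x84
#define PKT_ONION_DATA_RESPONSE 0x86
#define MAX_RELAYED_PAYLOAD     1400 /* assumed size bound, hypothetical */

typedef enum { FORWARD = 0, DROP_EMPTY, DROP_TOO_LONG, DROP_NOT_ONION } verdict;

/* Decide whether the last hop may hand this payload to the path's origin.
 * The origin cannot tell relayed packets from direct ones, so the relay
 * must refuse anything that is not an onion response. */
verdict last_hop_check(const uint8_t *payload, size_t len)
{
    if (payload == NULL || len == 0) return DROP_EMPTY;
    if (len > MAX_RELAYED_PAYLOAD) return DROP_TOO_LONG;
    switch (payload[0]) {
    case PKT_ANNOUNCE_RESPONSE:
    case PKT_ONION_DATA_RESPONSE:
        return FORWARD;
    default:
        return DROP_NOT_ONION;
    }
}

/* Copy an allowed payload into out; returns bytes queued, 0 if dropped. */
size_t relay_to_origin(const uint8_t *payload, size_t len, uint8_t *out, size_t cap)
{
    if (last_hop_check(payload, len) != FORWARD || len > cap) return 0;
    memcpy(out, payload, len);
    return len;
}

int main(void)
{
    /* Constructed sample payloads: the first byte is the packet ID. */
    const uint8_t announce_resp[] = { 0x84, 0x01, 0x02, 0x03 };
    const uint8_t other_packet[]  = { 0x00, 0x01, 0x02, 0x03 };
    uint8_t out[MAX_RELAYED_PAYLOAD];

    printf("announce response: %zu bytes forwarded\n",
           relay_to_origin(announce_resp, sizeof announce_resp, out, sizeof out));
    printf("other packet:      %zu bytes forwarded\n",
           relay_to_origin(other_packet, sizeof other_packet, out, sizeof out));
    return 0;
}
```

Because the check runs on the relay rather than on the recipient, it protects the peers a relay forwards to, which matches the post's point that a patched node protects others rather than itself.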