Published in News

Windows 10 DRM exposes Tor users

by on03 February 2017

Better to stick to Linux

If you want to use the Tor browser safely to avoid your local government seeing your doings it is probably not a good idea to use Windows 10.

Security experts from Hacker House have warned downloading and trying to open Windows DRM-protected files can de-anonymize Tor browser users and reveal their real IP addresses,.

DRM-protected multimedia files in Windows have been used by hackers since 2005, but until recently, they've only been used to spread malware.

In the good old days the hackers would try to get you to open and playing DRM-protected files.These files would open in the Windows Media Player, and users would see a popup that asked them to visit a URL to validate the file's license.

Users who agreed were redirected to an "authorization URL." Unknown to users is that malware authors could modify these links and point users to exploit kits or malware-laced files.

Hacker House researchers have found out that this popup has been asking users if they wanted to visit the authorization URL would only appear for DRM files that have not been signed with the proper tools.

If the attacker signed the DRM-protected multimedia files with official Microsoft SDKs such as Windows Media Encoder or Microsoft Expression Encoder, the popup would not show, and the user's player would automatically open an Internet Explorer instance and access the authorization URL.

Setting up this hack is rather pricey so hackers can't be bothered but state-sponsored attackers or law enforcement agencies, who have the financial and physical resources will do it. It would be rather a good scheme for spooks trying to catch ISIS militants who tend to watch rather a lot of videos and tend to lack brain cells.

Last modified on 03 February 2017
Rate this item
(0 votes)

Read more about: