Digital Assurance Blog Heartbleed and TOR in practice

The TOR project was quick to respond to the recent Heartbleed OpenSSL vulnerability with a well (prepared) put together statement detailing the likely impact of the vulnerability. As it turned out their initial assessment was pretty much spot on if a little gently worded.What do I mean by that? Well as it turns out we have confirmed some quite troubling implications for Tor users and operators.1) Around half of the TOR relays we examined directly exposed the Heartbleed vulnerability to the Internet via their OR port (typically 443/tcp or 9001/tcp). Obviously the TOR relay list is public and therefore relays may be readily targeted.2) Almost all vulnerable TOR relays were found to, eventually, give out sensitive details including but not limited to:a.) Configuration detailsb.) Indications of hosting hidden servicesc.) TOR circuit state tablesd.) Fragments of exit traffic3) TOR clients are very much open to this attack if the underling SSL libraries are vulnerable and may be exploited by a malicious relay. A malicious relay can be put together by either modifying the TOR source and re-compiling or by simply redirecting the inbound OR port connection to an evil TLS daemon. A malicious relay can potentially obtain IP address information from a client that is 2 or 3 hops remote and are otherwise geographically hidden from each other - this has very serious implications so it is imperative that TOR users update their client software SSL libraries.If you are using the TOR Browser Bundle (TBB) then you need to download and version 3.5.4 now if you have not done already.For non-TBB TOR users the fix is to be found in updated SSL libraries directly rather than packaged in with a TOR update. If you are operating a relay, bridge or hosting hidden services then you need to update OpenSSL and libSSL. You should also consider deleting your relay keys and regenerating. If you are operating a hidden service then again, you need to be updating OpenSSL and libSSL - you then need to consider if it is necessary for you to regenerate your hidden service keys.A hidden service connecting via a malicious guard node could find itself de-anonymised unless patched. Even after patching your server, it is possible that a hidden service connecting via a vulnerable guard could be de-anonymised by a heartbleed attack against the guard node itself.Whilst Heartbleed is one of most serious bugs disclosed for a long time, and one that can seriously impact TOR users, there is at least a clearly defined fix which is relatively simple to deploy. Do not forget though that even if your system or endpoint is patched, it does not mean that the parties that you are relaying through are which can result in the disclosure of circuit and potentially IP information.