Researcher at Exodus Intelligence have discovered a Zero-day critical vulnerability in security dedicated Linux-based Tails operating system, that could lead to de-anonymize any of the its users identity. The Vulnerability was in I2P software which is a component of the Operating System.
On the blog post Exodus researcher have thoroughly described the vulnerability and also posted a demonstrated video of vulnerability that unmask an anonymous user of the Tails operating system. On the demostrated video researcher have demonstrate the exploit using Tail s 1.1, but they have noted that the current version of the Tails operating system was still vulnerable to methods that could expose the identity of the user
The researchers at Exodus claims they can use the vulnerability to upload malicious code to a system running Tails, execute the payload remotely, and de-anonymize the targeted users’ public IP address as well.
On the blog post Exodus says that actual problem lies in the heavily encrypted networking program called the Invisible Internet Project (I2P). The network layer that Tails uses to hide the user's public IP address from other websites and servers in order to keep the user anonymous on the web.
Video Demonstration
Exodus team had already notify I2P as well as Tails to the problem and said they will not disclose the vulnerability until have released the patched version of Tails. But Exodus have already sell its Zero-day exploit to its clients which includes US agencies and DARPA.
Users should question the tools they use, they should go even further to understand the underlying mechanisms that interlock to grant them security," reads the blog post.
The Exodus Intelligence security researchers also mentioned that they will released more technical details on the vulnerability once the bug get fixed from I2P and the patched version of Tails OS released.
On the blog post Exodus researcher have thoroughly described the vulnerability and also posted a demonstrated video of vulnerability that unmask an anonymous user of the Tails operating system. On the demostrated video researcher have demonstrate the exploit using Tail s 1.1, but they have noted that the current version of the Tails operating system was still vulnerable to methods that could expose the identity of the user
The researchers at Exodus claims they can use the vulnerability to upload malicious code to a system running Tails, execute the payload remotely, and de-anonymize the targeted users’ public IP address as well.
Tails is a Debian Linux-based operating system which integrates tools that run the connection through the TOR network in order to keep the identity of the user secret.Exodus Intelligence claims that there are number of vulnerability present in Security oriented operating system, and there is no available patch.
On the blog post Exodus says that actual problem lies in the heavily encrypted networking program called the Invisible Internet Project (I2P). The network layer that Tails uses to hide the user's public IP address from other websites and servers in order to keep the user anonymous on the web.
Video Demonstration
Users should question the tools they use, they should go even further to understand the underlying mechanisms that interlock to grant them security," reads the blog post.