Tech

Your phone is using TOR and leaking your PII


Tech 2 (801A) October 10, 2019 2:45 pm - 3:45 pm


Milind Bhargava
Adam Podgorski

Do you have a cellphone? Do you run apps on it? Your personal information is most probably traversing TOR without your knowledge or consent.

As part of our research, we identified a surprising amount of unencrypted, sensitive and confidential user data originating from mobile devices traversing the TOR network, which included GPS coordinates, WiFi BSSID, and general keys typed by the user. In some cases, we were able to build a complete user profile from physical movements to purchasing habits.

Multiple sources consistently and purposely send personal information unencrypted over TOR, without the user's knowledge or consent. These include pre-designed mobile original equipment manufacturer (OEM) specifications, applications approved by known digital distribution platforms such as the Apple App Store or Google Play Store, and advertisements in legitimate popular applications.

At the end of the day, how comfortable are you that anyone can track you?