Researchers Find a Way to Harvest Unencrypted Tor Network Traffic DataByBill Toulas-October 16, 2019.305 Researchers from Deloitte have succeeded in identifying people with their Gps coordinates and recording keystrokes. The Oems liable for this were not exposed to the public for now but have not done anything about it either. According to two researchers working for Deloitte Canada, am Podgorski and Milind Bhargava, there is a way to collect unencrypted Tor network data from exit nodes and then piece the data fragments together in the stuff that can be different in mobile space. Gps coordinates web addresses surfing patterns Phone numbers Imei numbers and even keystrokes that can come from any program on the phone are the data that the researchers managed to collect together. All this occurs on mobile devices including both Android (95 percent) and iOs (5 percent) systems, as we have said. As the researchers point out, on these mobile phones, Tor technology is most likely built by applications that have taken Orbot code and integrated it into their solutions. Perhaps the creators of these apps uphold the illusion that Tor traffic is automatically encrypted with encryption, but that’s not really the case with H?. For the time being, the researchers do not reveal the names of the Oems apps and advertisers responsible for these sensitive data leaks, but they call them “common in Asia and North America.” The researchers reached out to these Oems and developers to notify them about the issue as planned but they have not received any response yet. Still, revealing more data at this stage would be too risky as that would make a large number of users vulnerable. To make matters worse, there is nothing that users can do to protect themselves against this issue, especially in cases where Oem-installed software tools can not be removed. An intruder could use the data to steal credentials or phish the victim for extortion of monitor capture payment info. An undisclosed number of Pii users (personally identifiable information) have been exposed to the Asus router app called “AsusWrt” which people use to easily configure and manage their WiFi network. The data breach was discovered on September 15, according to researchers Noam Rotem and Ran Locar of the vpnMentor team, and Asus immediately acknowledged the breach. However, the two say other researchers already knew about the open database, so it is very likely that the data would soon find their way to marketplaces in the darknet. AsusWrt’s security is important as it acts as a priority for all internet-enabled devices like Amazon Alexa and other IoTs. The Pii revealed in this incident includes the following: Ip dress User’s name Application information Ifttt commands Longitude Latitude coordinates Location: Country City Commands The actual names of the people are absent from the database entries but a skilled hacker could easily work them out from the rest of the information on display. Furthermore, the fact that the leak contains the “user behavior” of Amazon Alexa exposes the people to several possibilities of online and offline attacks including impersonation and phishing theft and more. By using all of the above an attacker may compromise any computer that is connected to the router very easily. Until now, if you’ve used AsusWrt, you can uninstall it immediately and disconnect all devices from your home network. Asus will release a patch shortly that fixes the leak but you shouldn’t take the risk until then. This is another reminder that it may be easy to use “centralized” applications and systems, but they come with a risk of large and multilevel exposure.