According to researchers, mobile carriers may be misusing the Tor network because they don’t understand what it is. Independent research has described how data on Tor can be scraped to create profiles on mobile users.
Adam Podgorski and Milind Bhargava, Deloitte Canada researchers, conducted separate research. Both found they could scoop user’s data from three Tor Exit Nodes and create user profiles. Tor is noted for its apparent encryption and Exit Nodes encrypt traffic on the network before it goes online.
The researchers say Tor is moving the unencrypted data online without users known. Podgorski and Bhargava say this unencrypted traffic is 5 percent from iOS but 95 percent from Android. All the data comes from apps installed by telecommunications carriers and OEMs.
“We believe that the source of the unencrypted traffic is Tor code being installed on these mobile phones, and users are not aware of its existence,” Bhargava said.
Mobile developers likely leverage Tor because they believe all traffic on the network is encrypted. However, this research shows that is not always the case.
“There appears to be a fundamental misunderstanding about what Tor is, with some mobile developers assuming using Tor protects HTTP (unencrypted) traffic from being seen,” Podgorski said.
3 percent of all traffic on the network comes from mobile hardware and research found 30 percent of this mobile traffic is not encryption protected. This is specifically for HTTPS traffic but that translates to the majority of all traffic.
Neither Podgorski or Bhargava has disclosed the names of the OEMs, apps, and carriers involved in the leaked data. All parties have been informed privately but have not responded, according to the researchers.
“About four months ago we reached out to everyone impacted by these insecure apps,” Bhargava said. “We still haven’t heard back from any of them.”