2

This is a matter of curiosity more than of practicality, but would it be possible for a hypothetical manufacturer (hereinafter referred to as International Company Of Mystery or INCOMOM) so inclined to bundle a functioning TOR node, or the capability to turn the user's computer into a node, into their USB products without the average power user realizing?

I think "power user" is both vague enough to be somewhat unhelpful, and open enough that someone more knowledgeable than I could answer to a more useful specific case.

e.g.: USB mouse needs a configurator to run properly, with this configurator itself operating the node. Could this approach be used to mask traffic?

Would this work? Would it actually provide any tangible benefit to INCOMOM, as well intentioned as they clearly are?

The only thing I can imagine being a benefit would be increased traffic on the network making it harder to have sufficient precision in timing at exit nodes when attempting to track an individual (the mechanics of which I know little about). I'm guessing that would require these devices to both function as a node and utilize the network in order to create the additional traffic. Would that actually work?

Ajacmac

1 Answer

2

Would it be possible to deploy: Yes

USB can be configured as a HID device and yield the potential of root access to a computer it is plugged into.

Would it be possible without a power user noticing: Maybe?

If it is just a node and not an exit node the bandwidth would be low enough that most users wouldn't notice any degradation in speed ... and thus wouldn't know to look for it.

If a power user was looking for it, it would be hard to hide from things like "tcpdump" ... even if you could somehow prevent them from seeing the extra traffic on their computer, if they sniffed the physical connection between their computer and the router ... they would still see it.

I guess it depends on your power user

See Also:

CaffeineAddiction
  • I'm familiar with the idea of HID device abuse, but didn't really think about that here. Depending on the type of device the functionality could also be bundled into included software, many devices commonly requiring such software to function properly. I'll add that to my question as a possible example. Thanks! – Ajacmac Sep 01 '16 at 16:58
  • @CaffeineAddiction Even if you were able to successfully compile tor on an Atmel AVR or similar arch, I doubt it would fit in the ROM. – Yorick de Wid Sep 01 '16 at 17:26
  • 1
    @YorickdeWid you wouldn't need to ... just need to get root on the box it's plugged into ... in order for tor to work the host needs inet access ... thus you can pull all the install files down from the internet. All you need is the thing to initially kick it off. – CaffeineAddiction Sep 01 '16 at 17:58
  • @CaffeineAddiction obviously, and that's the only way it is going to work. But the OP specifically asks about bundled software. – Yorick de Wid Sep 01 '16 at 18:03
  • I'm thinking this over now, and it's become very obvious that **yes** it's possible, but the bigger question that I was hoping would be illuminated en route is what would the benefit to the hypothetical company be? Would someone, anyone, actually benefit from this kind of thing in reality? _I think I need to update my question_... – Ajacmac Sep 01 '16 at 18:10
  • 1
    @YorickdeWid meh, you could store the installer on the USB device and do a full deploy from the device itself ... if you can make a USB device an HID device then it should be easy enough to make it act like a USB hub w/ a HID device and a thumbdrive ... could even mock the thumb drive so it has 500mb of a 5gb flash drive with the HID code having access to the rest of the 4.5gb – CaffeineAddiction Sep 01 '16 at 18:24
  • @CaffeineAddiction All right, with some creativity, in theory, it is possible. +1 – Yorick de Wid Sep 01 '16 at 18:31
  • 1
    @Ajacmac I don't see any benefit, but since this thread has taken a very open-minded approach (CaffeineAddiction), let's drift: One could modify the TOR source to only allow traffic from, say, a TOR client with a hardcoded password. This TOR node is then stored somewhere and the firmware on the hardware then uses its system permissions to retrieve the modified TOR node, install it and run it as a driver near the kernel. The driver is important, because it makes it much, *much*, harder to detect. Obviously it will need a certificate, but that should not be a problem for such a company. – Yorick de Wid Sep 01 '16 at 18:36
  • I just realized that this whole thing would probably be a much more effective idea if it were to create a proxy using the host machine that someone could then use to mask their own activity. – Ajacmac Sep 02 '16 at 01:57
  • "So THAT'S what all those kickstarter campaigns were really about!" said Sherman, tinfoil hat glinting in the flickering light from his CRT. – Ajacmac Sep 02 '16 at 02:04
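
The answer's point that a capture taken on the wire would still show the traffic can be turned into a check. This is an added example, not code from the thread; it assumes `tcpdump -n tcp` text output captured between the computer and the router, and a relay address list the defender has obtained separately. The addresses, the sample capture and the `classify_hosts` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed stand-in for a Tor relay address list (documentation ranges).
KNOWN_RELAYS = {"192.0.2.10", "198.51.100.7", "203.0.113.44", "203.0.113.90"}

# Constructed `tcpdump -n tcp` lines, captured outside the monitored hosts.
SAMPLE_CAPTURE = """\
12:00:01.100000 IP 10.0.0.5.51234 > 198.51.100.200.443: Flags [S], seq 1, win 64240, length 0
12:00:02.200000 IP 10.0.0.5.51240 > 192.0.2.10.9001: Flags [S], seq 7, win 64240, length 0
12:00:02.250000 IP 192.0.2.10.9001 > 10.0.0.5.51240: Flags [S.], seq 9, ack 8, win 65160, length 0
12:00:03.300000 IP 198.51.100.7.40112 > 10.0.0.9.9001: Flags [S], seq 3, win 64240, length 0
12:00:04.400000 IP 203.0.113.44.38870 > 10.0.0.9.9001: Flags [S], seq 5, win 64240, length 0
12:00:05.500000 IP 10.0.0.9.45002 > 203.0.113.90.443: Flags [S], seq 6, win 64240, length 0
"""

# Match only the initial SYN ("[S]"), not the SYN-ACK ("[S.]"), so the
# source address is always the side that opened the connection.
SYN_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+: Flags \[S\],")

def classify_hosts(capture, relays, min_inbound_peers=2):
    """Label each non-relay host by how it talks to known relay addresses.

    A Tor client only opens connections to relays. A relay also accepts
    connections opened by other relays, so inbound SYNs from several
    distinct relay addresses are the signal worth investigating.
    """
    inbound = defaultdict(set)   # host -> relays that connected to it
    outbound = defaultdict(set)  # host -> relays it connected to
    for line in capture.splitlines():
        m = SYN_RE.search(line)
        if not m:
            continue
        src, dst = m.groups()
        if src in relays and dst not in relays:
            inbound[dst].add(src)
        elif dst in relays and src not in relays:
            outbound[src].add(dst)
    verdicts = {}
    for host in set(inbound) | set(outbound):
        if len(inbound[host]) >= min_inbound_peers:
            verdicts[host] = "relay-like"
        elif outbound[host]:
            verdicts[host] = "client-like"
        else:
            verdicts[host] = "inconclusive"
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(classify_hosts(SAMPLE_CAPTURE, KNOWN_RELAYS).items()):
        print(host, verdict)
```

Because the capture is taken off the host, the result does not depend on what software running on the computer chooses to report.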