Tails I2P Vulnerability Puts Thousands at Risk

Tails, the OS designed by the same engineers behind the now-infamous Tor protocol, is under threat.

Earlier this week, Austin-based zero day vendor Exodus Intelligence revealed that the I2P protocol on which Tails depends to anonymize its movements online, has been compromised by a new packet-sniffing technique that could put its userbase of around 30,000 at risk of being discovered.

Short for “The Amnesic Incognito Live System”, the surveillance-free centric nature of this Linux build lends it well to any users who want a sort of all-in-one solution to their privacy concerns,

Underground hackers aren’t the only one’s who need a veil of secrecy to go about their daily business either, many nation states and their intelligence agencies need dependable channels through which they can transmit classified information over vast distances, and now that Tails has shown its weakness, both criminals and opposing countries will be able to exploit the whole to tap into each others clandestine communications.

“Users should question the tools they use, they should go even further to understand the underlying mechanisms that interlock to grant them security,” Exodus said in a blog post on Wednesday.”

Tails is preferred for its highly versatile nature, with the ability to run on anything from a USB stick to an SD card, its provides a quick, portable solution for people who want the most protection they can get in a fraction of the time it would take to use other available options such as Tor.

Exodus says they are willing to give the developers of Tails information on how to patch their hole pro-bono this time around, likely due to the fact that many of its employees rely on the service to chat with contract workers from around the world who discover weaknesses for profit. Without those covert cables available to them, any information the business gathers could be at risk, allowing hackers the opportunity to sit back and wait while other people do the hard work for them, only to swoop in at the last minute to eavesdrop on where all the latest exploits are and how/when they might be patched.

“The vulnerability we will be disclosing is specific to I2P. I2P currently boasts about 30,000 active peers. Since I2P has been bundled with Tails since version 0.7, Tails is by far the most widely adopted I2P usage. The I2P vulnerability works on default, fully patched installation of Tails. No settings or configurations need to be changed for the exploit to work,” the Exodus team wrote in a post explaining a bit about the flaw.”

And speaking of Tor, just a few days ago Russian president Vladimir Putin promised over $110,000 USD to anyone within the former Soviet Union’s borders who could crack the anonymization service so he and his intelligence agency could easily locate and identify users who rely on the meshnet to protect themselves from a government which has grown increasingly hostile to privacy efforts in the past few months.

If the current trend continues, programmers and developers will need to come up with new, even more inventive ways to keep your most personal information under wraps, which considering the amount of time Tor and Tails took to get to where they are now, could only come once it’s already too late.