The HTTPS sniffing relays did not target all connections passing through them. Their connection sampling rates varied between 12 and 68 percent, the researchers said in the paper.
They also appeared to target only connections to particular websites. For example, Facebook.com was targeted, but other sites in the Alexa top ten list and popular Russian social media sites were not.
It's possible the connection sampling and destination targeting were intended to make the attacks harder to detect. However, they also made the attacks far less effective, particularly given the certificate errors the substituted certificates triggered in victims' browsers.
"We don't know how many users were actually tricked, but we don't think it's many because people wouldn't expect a certificate error if they go to Facebook," Winter said. "We tried to figure out what they were actually doing with this, so we set up a fake Facebook profile and logged into it through one of those malicious relays. We didn't see anyone logging in after us."
"I'm not even sure if they captured passwords," the researcher said. "Maybe it was just an experiment. It didn't seem like a very sophisticated and serious attack to us."
There is a possibility that the man-in-the-middle attacks happened upstream of the exit relays, for example on their ISP's network. However, the researchers believe that is unlikely, because one malicious relay with the same characteristics was located in the U.S., in a different region and on a different network. That suggests the relays themselves were the source of the attacks.
While the number of victims is likely to be very small, this new research shows that Tor exit relays can and do get abused for malicious purposes.
The two researchers developed a patch for the Tor Browser Bundle in the form of a browser extension that informs users when a MitM attack is potentially in progress and offers the option to send an anonymous report to the Tor Project. When it detects a certificate error in the browser, the extension opens a connection to the destination site through a different Tor exit relay and compares the certificates received in both cases. If they differ, it was probably a man-in-the-middle attack attempt.
However, this approach does have limitations. For example, if an attacker controls a large number of exit relays and they are all set up for MitM HTTPS sniffing, the chance that the second connection also passes through a malicious exit rises, and the chance of detecting an attack by comparing the certificates received over two exit relays decreases accordingly.
Also, the extension wouldn't detect MitM attacks that use fraudulently obtained certificates signed by trusted certificate authorities, as those certificates would automatically be trusted by browsers and wouldn't result in errors.
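The following is an added example, not the researchers' extension and not code from the paper. It models the cross-exit certificate comparison described above together with both limitations: a re-check that lands on another malicious exit (the same attacker serving the same rogue certificate) comes back "consistent", and a fraudulently obtained but trusted certificate never triggers the error that starts the comparison. The relay names, certificate byte strings, sampling rates and relay counts are constructed stand-ins; the miss-probability formula assumes a single attacker whose relays all present the same certificate.

```python
"""Model of the cross-exit certificate comparison and its blind spots.
Added example; relays, certificates and rates are constructed stand-ins."""
import hashlib
import random

# Constructed stand-ins for DER-encoded leaf certificates; not real certificates.
GENUINE_CERT = b"constructed-der: CN=facebook.com, signed by a trusted CA"
ROGUE_SELF_SIGNED = b"constructed-der: CN=facebook.com, self-signed by the relay"
ROGUE_CA_SIGNED = b"constructed-der: CN=facebook.com, fraudulently issued by a trusted CA"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint, the usual way to compare two observed certificates."""
    return hashlib.sha256(der).hexdigest()


class ExitRelay:
    """Hypothetical exit relay. A malicious relay intercepts only listed target
    hosts, and only a fraction of those connections (the sampling rate)."""

    def __init__(self, name, malicious=False, sampling_rate=0.0,
                 targets=("facebook.com",), ca_signed=False):
        self.name = name
        self.malicious = malicious
        self.sampling_rate = sampling_rate
        self.targets = set(targets)
        self.ca_signed = ca_signed  # attacker holds a fraudulent but trusted cert

    def fetch_cert(self, host, rng):
        """Return (leaf certificate, browser_shows_error) for a connection to host."""
        intercept = (self.malicious and host in self.targets
                     and rng.random() < self.sampling_rate)
        if not intercept:
            return GENUINE_CERT, False
        if self.ca_signed:
            return ROGUE_CA_SIGNED, False   # trusted by the browser: no error
        return ROGUE_SELF_SIGNED, True


def check_connection(host, first_exit, other_exits, rng=None):
    """Emulate the extension: on a certificate error, fetch the certificate
    again through a different exit and compare fingerprints."""
    rng = rng or random.Random()
    cert, error = first_exit.fetch_cert(host, rng)
    if not error:
        return "no-error"        # nothing to compare; a trusted rogue cert hides here
    second = rng.choice(other_exits)
    cert2, _ = second.fetch_cert(host, rng)
    if fingerprint(cert) != fingerprint(cert2):
        return "mitm-suspected"  # would offer to send an anonymous report
    return "consistent"          # same rogue cert from both exits: attack missed


def miss_probability(n_exits, n_malicious, sampling_rate):
    """Chance that the re-check also lands on a malicious exit that intercepts,
    given that the first exit was malicious and intercepted (one attacker)."""
    return (n_malicious - 1) / (n_exits - 1) * sampling_rate


def simulate_miss_rate(n_exits, n_malicious, sampling_rate, trials, seed=1):
    """Estimate the miss rate: fraction of triggered checks that come back
    'consistent' when exits are picked uniformly at random."""
    rng = random.Random(seed)
    relays = [ExitRelay(f"exit{i}", malicious=i < n_malicious,
                        sampling_rate=sampling_rate) for i in range(n_exits)]
    triggered = missed = 0
    for _ in range(trials):
        first = rng.choice(relays)
        others = [r for r in relays if r is not first]
        verdict = check_connection("facebook.com", first, others, rng)
        if verdict != "no-error":
            triggered += 1
            missed += verdict == "consistent"
    return missed / triggered if triggered else 0.0


if __name__ == "__main__":
    # 100 exits, 20 controlled by one attacker, 50% sampling
    print("analytic miss rate :", miss_probability(100, 20, 0.5))
    print("simulated miss rate:", simulate_miss_rate(100, 20, 0.5, 20000))
```

Two things the model makes visible: a malicious exit that never presents an untrusted certificate (the `ca_signed` case) is invisible to a check that only runs after a browser error, and the miss rate scales with the attacker's share of exits times their sampling rate, so a small attacker with low sampling is caught almost every time while a large one hides more often.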
However, such certificates represent a risk for the entire Internet, not only Tor, Winter said. The solution should be something that fixes HTTPS as a whole, he said.
Fortunately, there are ongoing efforts to address this problem at the protocol level.