Security audit of safeplug “Tor in a box”

Anne Edmundson, Anna Kornfeld Simpson, Edward W. Felten, Joshua A. Kroll

Research output: Contribution to conferencePaperpeer-review

Abstract

We present the first public third-party security audit of Pogoplug’s Safeplug device, which markets “complete security and anonymity online” by using Tor technology to protect users’ IP addresses. We examine the hardware, software, and network behavior of the Safeplug device, as well as the user experience in comparison to other forms of web browsing. Although the Safeplug appears to use Tor as advertised, users may still be identified in ways they may not expect. Furthermore, an engineering vulnerability in how the Safeplug accepts settings changes would allow an adversary internal or external to a user’s home network to silently disable Tor or modify other Safeplug settings, which completely invalidates the security claims of the device. Beyond this problem, the user experience challenges of this type of device make it inferior to the existing gold standard for anonymous browsing: the Tor Browser Bundle.

Original languageEnglish (US)
StatePublished - 2014
Event4th USENIX Workshop on Free and Open Communications on the Internet, FOCI 2014, co-located with USENIX Security 2014 - San Diego, United States
Duration: Aug 18 2014 → …

Conference

Conference4th USENIX Workshop on Free and Open Communications on the Internet, FOCI 2014, co-located with USENIX Security 2014
Country/TerritoryUnited States
CitySan Diego
Period8/18/14 → …

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software

Fingerprint

Dive into the research topics of 'Security audit of safeplug “Tor in a box”'. Together they form a unique fingerprint.

Cite this