Yes, the FBI exploited a Firefox vulnerability to drop NIT malware on Playpen users. And said malware phoned home to FBI servers, bypassing Tor.
However, any Whonix users would not have been affected, for two reasons. One, this was Windows malware, and Whonix is based on Debian. Two, Whonix comprises a pair of Debian VMs, a Tor-gateway VM and a workstation VM. Even if the malware had pwned the workstation VM, there is no route to the Internet except through Tor.
Wait, did they reveal how their exploit worked? I thought they had already dropped two cases rather than reveal the internals of the NIT? Like Tor Browser could still be unpatched for this?
Yes, they didn't reveal the Firefox bug or the details of NIT. And yes, Tor browser could still be vulnerable.
You must isolate the Tor process and userland in separate VMs, or even separate physical devices. Even if the browser gets pwned, and the NIT gets dropped, you'll be OK, because the Internet is reachable only through Tor. Whonix is an easy-to-use implementation.
I've been ragging on Tor Project about this for years. But they don't want to frighten people by making Tor too complicated to use. You could be cynical, and say that they want the cannon fodder for their government masters. Or you could say that they think it's more important to protect the most people, rather than to most strongly protect technically competent people. I have no clue what the truth is. Maybe there's a range of opinion.
If Tor is too difficult to use, people won't use it. Edward Snowden and Laura Poitras had to dedicate a significant amount of time to get Glenn Greenwald to just use TAILS, a plug and play Tor operating system. Someone like that is not going to use Whonix, even if maybe they should be.
Yeah, I get that. And I realize that I've gone off the deep end. It's hard to imagine anymore how easily people's eyes glaze over. I've written guides that lay everything out, step by step. And many people still can't seem to get it.
But Whonix really is trivial. You install VirtualBox. You download the Whonix gateway and workstation appliances. You import them in VirtualBox. You start them. You work in the workstation VM. There's nothing to configure. That literally should be enough information to use Whonix. Plus there's a wiki and a support forum.
The workstation VM has no route to the home router except through the Tor gateway VM. With Whonix, the gateway VM isn't even a NAT router. Plus there are iptables rules that block everything except Tor. The gateway VM only exposes Tor SocksPorts to the workstation VM. You'd need to break the network stack in the gateway VM in order to bypass Tor.
Right, so can't I just add one then? In most VM setups I might have a default route to the other VM running Tor, but I can still talk to e.g. 192.168.0.1 even if I'm not putting traffic through it.
Is this some kind of 'vm specific' virtual network which can't talk on the real lan? Is that implemented on the hypervisor?
Yes, it depends on VirtualBox. But there are versions for KVM, and for Qubes. More of a nonstarter, though. Or even using physical devices, such as Raspberry or Banana Pi.
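To make the gateway-side rules described above concrete (internal network only, SocksPorts only, nothing forwarded, only the tor daemon may talk out), here is a small added model of that policy. It is an illustration written for this thread, not Whonix's own firewall script; the interface names, addresses, uid and port set are constructed approximations.

```python
"""Toy model of a Whonix-style Tor gateway firewall.
Added illustration, not Whonix's own firewall code; all constants are assumptions."""
from dataclasses import dataclass
from typing import Optional

INT_IF, EXT_IF = "eth1", "eth0"           # eth1 faces the workstation VM, eth0 faces host/LAN
GATEWAY_INT_IP = "10.152.152.10"          # gateway address on the VM-only internal network
TOR_UID = 108                             # uid of the tor daemon user (constructed value)
SOCKS_PORTS = {9050, 9100, 9101, 9150}    # Tor SocksPorts exposed to the workstation


@dataclass
class Packet:
    chain: str                   # "INPUT", "OUTPUT" or "FORWARD"
    in_if: Optional[str] = None  # ingress interface (INPUT / FORWARD)
    out_if: Optional[str] = None # egress interface (OUTPUT / FORWARD)
    dst_ip: str = ""
    dst_port: int = 0
    uid: Optional[int] = None    # owner of the sending socket (OUTPUT only)


def gateway_policy(p: Packet) -> str:
    """Return "ACCEPT" or "DROP" the way the gateway's iptables chains would."""
    if p.chain == "FORWARD":
        # The gateway is not a NAT router: nothing from the workstation is
        # ever forwarded to the LAN, so a route to 192.168.0.1 goes nowhere.
        return "DROP"
    if p.chain == "INPUT":
        # Only the workstation side may talk to the gateway, and only to Tor's
        # SocksPorts; ssh, DNS, ping etc. on the gateway are unreachable.
        if (p.in_if == INT_IF and p.dst_ip == GATEWAY_INT_IP
                and p.dst_port in SOCKS_PORTS):
            return "ACCEPT"
        return "DROP"
    if p.chain == "OUTPUT":
        # Only packets owned by the tor daemon may leave via the external
        # interface; any other process on the gateway is firewalled in.
        if p.out_if == EXT_IF and p.uid == TOR_UID:
            return "ACCEPT"
        return "DROP"
    return "DROP"


def workstation_to_lan_router() -> str:
    """A workstation packet aimed at the home router would have to be forwarded."""
    return gateway_policy(Packet("FORWARD", in_if=INT_IF, out_if=EXT_IF,
                                 dst_ip="192.168.0.1", dst_port=80))
```

Run the policy over a few constructed packets (workstation to router, workstation to a SocksPort, a non-tor process trying to reach the LAN) to see why "just adding a route" on the workstation does not help.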
Years ago, I created a LiveDVD with VirtualBox plus Whonix gateway and workstation VMs. I had to hack at both Whonix VMs to reduce size and RAM requirements. But I got a LiveDVD that would run with 8GB RAM. It took maybe 20 minutes to boot, but was quite responsive.
In theory breaking properly-configured Whonix would require a VM escape, pretty much the holy grail of exploits (a few have happened recently). The alternative is a complete break of Tor, which has proven unlikely.