Onion Browser is a minimal web browser that encrypts and tunnels web traffic through the Tor onion router network and provides other tools to help browse the internet while maintaining privacy
Cure53 conducted a penetration test against the Onion Browser in 2014. and yielded an overall result of ten vulnerabilities and seven general weaknesses which are all documented in this report. Given the purpose of the application and the resulting threat-model, half of the ten spotted vulnerabilities were classified as critical and have since been resolved.
The target in scope for this test encompassed a specific version of the Onion Browser source code. Tests were performed against the source code, the compiled app and the commercial app downloaded from the iTunes Store on both the XCode iOS simulator and real devices.
The project was tested at a very early stage, which likely contributed to a discovery of several critical vulnerabilities. Those allowed an attacker to fully uncloak a Tor user’s real IP address in many different ways. All issues have since been addressed.
The full report and summary of findings can be found below.