Security Advisory

All news
Security Advisory

Security Advisory: Do not scan QR codes submitted through SecureDrop with connected devices

We have recently become aware of attacks attempting to exfiltrate data from the SecureDrop airgapped Secure Viewing Station. These attacks come in the form of QR codes that journalists must scan with an internet-connected device such as a phone. The QR code contains a link that sends exfiltrated data from the airgap environment to an attacker. Read More

Security Advisory

How the Tor traffic confirmation attack affects SecureDrop users

On Wednesday morning, the Tor Project published a security advisory detailing an attack against the Tor network that appears to have been trying to deanonymize users. SecureDrop, our open-source whistleblower submission system, is heavily reliant on Tor and uses the anonymity network to facilitate communication between whistleblowers, journalists, and news organizations. For this reason, we wanted to clarify how the attack affects users of SecureDrop. Read More

Security Advisory

How the recent Tails operating system vulnerability affects journalists and SecureDrop

On Wednesday afternoon, vulnerability and exploit research firm Exodus Intelligence disclosed a security vulnerability that would allow an attacker to deanonymize a user of Tails, the operating system that many journalists rely on to communicate securely with sources and that we have written about before. Tails is also integral to SecureDrop, our open-source whistleblower submission system, so we wanted to clarify if and how the vulnerability affects users of this system. Read More

Security Advisory

SecureDrop and the OpenSSL vulnerability

Today a serious vulnerability was reported on OpenSSL versions 1.0.1 through 1.0.1f: CVE-2014-0160, or Heartbleed. SecureDrop runs as a Tor Hidden Service, which we also know is affected. As such, this affects all properly configured instances of SecureDrop, and steps should be taken immediately to mitigate disruption of SecureDrop running services. Read More