Vulnerabilities in Tails, Whonix & Qubes.



Fixxx

Elite
Ultimate
Joined
31.10.19
Messages
137
Reaction score
60
Points
28
Today we will look at similar distributions from a different perspective and talk about the vulnerability of Tails and similar systems.

Tails Vulnerabilities

Tails (The Amnesic Incognito Live System), or simply "Tails." It is a Linux distribution focused on privacy and anonymity. It is a LIVE distribution (runs from a flash drive, leaves no traces on your PC). Based on the very stable Debian). For those who are not aware, this OS routes all your traffic through the Tor network, which ensures security while working online. It comes with pre-installed software that often simplifies life (cryptocurrency wallet client, password manager, communication clients, Tor browser, and much more). I will not list all the features and advantages of this OS or others in this list right now. Let's talk about the pitfalls. Unfortunately, many people believe that Tails is a perfect pill where you can do dirty deeds and the police will never catch you.

The case of a comrade nicknamed "Brian Kil" Hernandez shows that not everything is carefree. This scoundrel engaged in extortion and blackmail of young women and children. He threatened with rape, terrorism, and was just a wonderful person. He conducted his interesting activities on Facebook, but this character also did not forget about ensuring his own security. For this, he used Tails. He worked in LIVE mode, so his PC did not clutter up with unnecessary evidence from an external drive, living his life and being a good guy (I preemptively address the obvious question - there is a Facebook mirror on the Tor network). In general, the inevitable happened, Hernandez's lifestyle attracted the attention of competent authorities who dealt with the hero of the story. Hernandez did not consider that the Facebook "security" team paid a substantial sum to an external contractor for the development of a "zero-day" exploit in Tails, which ultimately led to the de-anonymization of the villain and a life sentence in a US federal prison.

And now, the main point. What's wrong with Tails?

1) Facebook, of course, did not inform Tails about the discovered vulnerability. It is not known to anyone how many times this or another exploit created for various purposes was used and whether this exploit(s) was passed on to other agencies. Using Tails or any other Linux distributions is not a panacea. Linux also has exploits and various malware (though much fewer than, for example, Windows).

2) Tails, in its "bare" form, is not suitable if your work is related to resources that only value a white IP. Tor is currently frowned upon by almost everyone in the clearnet, except if there is a Tor mirror, of course. You will have to perform additional manipulations (connecting after to a VPN or VPS/RDP and so on, which can be challenging for novice users).

3) It's a LIVE system; you can certainly install Tails in VirtualBox or another virtualization environment, but then the very conceptual idea of this operating system is violated. A LIVE system will not be the ideal option for many in terms of comfort. Even when creating permanent storage. Tails, in my personal experience and the experience of many people, is not really intended for any kind of permanent/long-term work. Consider that your external drive may fail at the most inconvenient moment. Therefore, always back up your data to avoid regretting not having your Bitcoin wallet, which was only on a flash drive that suddenly became unusable.

4) A persistent volume, if you created one, is visible to anyone who has access to the USB drive + access to the persistent storage from other operating systems can jeopardize security.

Conclusion:

It is quite suitable as a forced "mobile" option for safe surfing. If we are talking about achieving the required level of security, Tails is only for safe browsing.


Whonix Vulnerabilities

The next solution we will look at is Whonix. The OS is slightly less recognizable than Tails, but most of you are familiar with it. Essentially, it consists of 2 virtual machines - the first virtual machine is the Tor gateway, and the second is the working environment (there are other implementation options - Whonix for Qubes OS and even physical isolation when the role of 2 virtual machines is replaced by 2 separate PCs). The Tor gateway routes all traffic through Tor, while the working environment takes traffic only through the Tor gateway. In addition to traffic routing, security is ensured through isolation - even if a virtual machine is compromised, the malware in it remains isolated.

What could be the pitfalls?

1) The level of your protection depends directly on the main (host) OS installed on your hardware. Linux, Xen (Qubes), or BSD are the only effective options for the host operating system to work with Whonix. Later, you will learn why it is advisable to avoid proprietary OS (with closed source code) - such as Windows (if we are talking about security). If Windows is your main OS, then not much will help you. You can't make a silk purse out of a sow's ear. Later, we will explain why.

2) The degree of your protection also depends to some extent on the virtualization platform used to work with Whonix. The general principle here is to avoid non-free software. Of course, Virtualbox may be more intuitive for inexperienced users, but as you become more proficient, it is better to switch to more secure and free options (KVM/Qemu or ideally Qubes).

Conclusion:

Whonix is far from perfect. But if you take a series of additional measures and "polish" it - it is an effective working option.


Qubes OS Vulnerabilities
Like Whonix, Qubes OS ensures security through isolation using the Xen hypervisor. Based on Fedora, it is easy to install (with some savvy) and use. The isolation method is based on limited interaction between programs and hardware. Essentially, Qubes is a central management hub for virtual machines. A separate virtual machine is created for each process, making this OS the best solution available today. Especially when used in tandem with Whonix.

But it's not all that simple.
1) Since Qubes OS is a central management hub for virtual machines, you will need a powerful PC. Although you can run Qubes OS on less powerful hardware, it is not recommended. But that's not all, Qubes is very demanding on hardware, which is its biggest drawback. There is an official list of supported hardware.

2) The process of interacting with the OS (e.g., installing applications) in Qubes is slightly different from other Linux distributions. Because the community here is not as extensive as, for example, Ubuntu/Debian, beginners may face difficulties.

Conclusion:

If your PC fully supports Qubes OS, it is undoubtedly the best option available today. In tandem with Whonix and with a series of security measures and customization of the distribution for your needs.
 
Last edited:

jesterpan

Supreme
Joined
12.04.24
Messages
2
Reaction score
0
Points
1
Nice post....

I use and have used Tails, Whonix and Qubes.. While I find them good for some things, they are certainly not ideal for carding activities, specially due to the slowless that Tor brings.

What would be your recommendation in terms of setup for carding? Most anti detect browsers are windows based... What I have been doing myself is to run a version of Tiny10 or 11 on a VM and shut all the tracking off with OOShutup10 , using Linux as the host. That way it is somewhat more protected... And of course, a dedicated pc, no-logs vpns with kill switch on both (host and vm) and dedicated anonymous connection(as much as can be)

Interested to learn what setup others are using.
 
Last edited:
Top Bottom