Hello, my Sonys and Cheshire Cats! 🐭✨🐈‍⬛

Today we're going to talk about 6G📶
6G, or the sixth generation of mobile networks. If 5G gave us fast internet and myths about killer towers, then 6G will raise the bar📡

Imagine data transfer speeds of up to 100 Gbps — that's hundreds of times faster than 5G! 6G will integrate AI, terahertz waves, and satellites. Standards are already being developed (thanks, 3GPP!), and the first commercial networks are expected by 2030. Europe, with its telecom giants Nokia and Ericsson, is actively participating in the race, but the US (with FutureG and DARPA projects) and China (with Huawei) are not far behind🧩

6G operates on terahertz waves — frequencies ranging from 100 GHz to 10 THz, which transmit data so fast that 5G nervously smokes on the sidelines.
But there is one small nuance: it doesn't work well in practice, as these waves don't pass through walls very well😓, so dense networks with lots of small antennas (massive MIMO) are needed. Traffic and security management is handled by AI, which distributes the data. Quantum encryption is also used to protect communications. 6G also has blockchain, which is needed for transparency: blockchain records who uses the network and how. Satellites are connected to provide coverage in remote areas, and RIS (smart reflective surfaces) technology helps direct signals where walls interfere.

But, as you can imagine, it's not all sunshine and rainbows, and 6G has a huge attack surface that is currently being actively studied🔓

For example, there are current threats related to the growing number of connected devices. 6G promises to connect a multitude of IoT devices. Each such device is a potential entry point for attackers. Hack one sensor in the power grid and the city is without power. Add to this the use of terahertz frequencies, which transmit data quickly but are vulnerable to local interception or jamming due to their limited range. Another headache is artificial intelligence: attackers can feed it fake data, and it will start directing traffic to nowhere. Quantum computers (still a long way off) could destroy cryptography, such as RSA, to smithereens. Don't forget the risks associated with decentralization. Processing data at the edge of the network, close to devices, reduces latency but makes these nodes an easy target for attacks, especially if they are not sufficiently protected. Attacks on the supply chain, such as the introduction of hardware Trojans, also pose a serious threat, given the complexity of manufacturing 6G equipment. Finally, scenarios such as digital twin spoofing or interference with robots can have certain consequences.

But there is no shortage of protection — developers are already coming up with ways to deal with threats🛡

They are creating cryptography that can withstand quantum attacks. Post-quantum cryptography uses complex mathematical problems to keep data secure (although some algorithms could use some refinement against conventional threats). Quantum key distribution makes encryption unbreakable; any attempt at interception is immediately noticeable. For devices such as IoT sensors, encryption algorithms are being developed that do not require powerful hardware.
AI also helps: it searches for suspicious behavior in real time, checks data, and blocks attacks. Blockchain removes weak links, and smart contracts automatically control access, reducing the risk of errors. For terahertz waves, jamming technologies are used to prevent signal interception. Devices receive unique “fingerprints” so that they cannot be counterfeited.

Personally, I am still a little skeptical about 6G: it seems to me that they want to cram a bunch of hyped technologies into it that may not work as intended in practice. But it seems that this technology is being actively developed, so let's see what happens next🔑

If you want to learn more about 6G architecture, its security, check the archive, which contains articles that will help you learn more❤️🛠

#6g #attacks #Blockchain #network #neural_networks #quantum_computer #security

Welcome to my Alice tea party! 🫖🎀
I decided to write a series of short posts about secure operating systems 🖥🐧

Today, we'll take a look at Whonix and find out if it's as good and anonymous as people say. Spoiler alert: no, it's not.

Let me clarify right away: Whonix is not a full-fledged operating system, but a tool for anonymity that can work independently or as a router in Qubes OS. In this article, I will focus on analyzing how it works as a standalone system

How does Whonix work?🧩
Whonix is built on two virtual machines: Whonix-Gateway and Whonix-Workstation. Gateway configures and routes all your traffic through the Tor network. Workstation is your workplace. If you want to dig deeper, check out their documentation.

Problems with Whonix 🔓
Now to the point: why Whonix isn't really necessary. Let's start with Gateway. It's just Debian with Tor pre-installed and a bunch of scripts that redirect traffic through Tor. Everything is tied to the configuration in the settings file and iptables rules. Cool? Not really. Plus, Whonix drags along old Debian, where packages are updated once in a blue moon.

Whonix positions itself as super protection against leaks, but if you don't understand what you're doing, no virtual machine will save you. For example, if you run a browser with JavaScript or download files and then open them outside of Workstation, your anonymity is gone.

By the way, Whonix can only be run without problems on VirtualBox. You may argue that there are versions for KVM/QEMU on their website. But that's where the problems begin. If you take Whonix for KVM, you won't be able to install it just like that — you need to edit the configuration, and there are no detailed instructions on how to do this anywhere. With VirtualBox, however, there are no such problems — everything works out of the box.

But what's wrong with VirtualBox?🪤
Besides the fact that it is significantly slower than KVM. In March 2025, a vulnerability CVE-2025-30712 with a rating of 8.1 appeared in Virtualbox. It allows an attacker with access to the host system to perform a VM escape, i.e., to get out of the virtual machine onto your main computer🫠. Proof-of-concept is already circulating on the network, and exploitation is easier than it seems. If the host is compromised, all your anonymity goes down the drain, and your real IP or other data may leak.

How to make an analogue of Whunix Gateway? ⚙️
But there is another way. The Gateway model itself is not bad. But you can create a machine with it yourself without Whunix, using a minimalist Linux (such as Gentoo or even FreeBSD instead of Linux). Then configure Tor directly. After all, Gateway is just a wrapper around the standard Tor and iptables settings, which can be found on Google in five minutes. Now add the iptables you found and DNSPort to the Tor config so that DNS requests also go through Tor, and that's it. This takes up less space and reduces the attack surface.

Conclusion
To be fair, Whonix isn't always bad. But it can be useful in conjunction with Qubes OS (where it runs in KVM, by the way), which has additional security mechanisms, such as domain isolation, that enhance security. But apart from Qubes, Whonix is pretty pointless. You might think it's suitable for those who don't want to bother with configuring Tor, but that's not the case. To run Whonix on a decent VM, such as KVM, you'll have to go through just as much trouble.

The bottom line is simple: Whonix is not a super-anonymous OS, but a tool that complicates life more than it protects it 💊

I hope you found this useful.❤️✨ If you wish, you can explore the topic yourself by reading research and testing the system.

Here are some good articles about Whonix:
THESIS.pdf — here is an overview of anonymous operating systems, including Whonix.
Whonix and Tor Limitations — about the shortcomings of Whonix and Tor.
JOSH Article — analysis of Whonix limitations.

#anonymity #linux #whunix #cve #anonymity_os #tor #security