People using Internet Explorer and possibly other Windows applications could be at risk of attacks that abuse counterfeit encryption certificates recently discovered masquerading as legitimate credentials for Google, Yahoo, and possibly an unlimited number of other Internet properties.
A blog post published Tuesday by Google security engineer Adam Langley said the fraudulent transport layer security (TLS) certificates were issued by the National Informatics Centre (NIC) of India, an intermediate certificate authority that is trusted and overseen by India’s Controller of Certifying Authorities (CCA). The CCA, in turn, is trusted by the Microsoft Root Store, a library that IE and many other Windows apps rely on to process the TLS certificates that banks, e-mail providers, and other online services use to encrypt traffic and prove their authenticity. (Firefox, Thunderbird, and Chrome on Windows aren’t at risk. More about that later in this post.)
In an update posted Wednesday, Langley said the CCA confirmed that the bogus certificates were the result of a compromise of NIC’s certificate issuance process. The CCA reportedly said only four certificates were compromised. In a sign the CCA’s findings aren’t reliable, or at least are only tentative, Langley went on to say Google researchers are aware of still more counterfeit credentials stemming from the NIC breach.
“The four certificates provided included three for Google domains (one of which we were previously aware of) and one for Yahoo domains,” he wrote Wednesday. “However, we are also aware of misissued certificates not included in that set of four and can only conclude that the scope of the breach is unknown.”
How Heartbleed transformed HTTPS security into the stuff of absurdist theater
Certificate revocation checking in browsers is “useless,” crypto guru warns.
The CCA has already revoked all certificates held by intermediate authority NIC. The revocation in theory means Windows users who encounter one of the fraudulently issued TLS certificates will be alerted through mechanisms including the certificate revocation list and online certificate status protocol, which are supposed to flag revoked credentials before they’re trusted by a browser or other app. In practice, and as Ars reported following the catastrophic Heartbleed vulnerability, the real-time revocation checks are trivial for attackers to bypass.
House of cards
The result is that IE and other apps that rely on Windows to know which certificates to trust have no reliable way of detecting the bogus credentials at the moment. Worse still, at this early stage in the investigation, there’s no way of knowing just how many certificates were fraudulently issued. Based on Langley’s account, there are at least five impostors (the four confirmed by CCA and at least one other not included in that list seen by Google), but it’s hard to imagine attackers with the control over a Windows-trusted authority would stop at just a handful. Absent some technical constraint, there’s every reason the attackers minted hundreds, thousands, or even more of the fake IDs.
It was precisely this scenario following the 2011 compromise of DigiNotar that prompted Microsoft to hardwire the revocation of the Dutch certificate authority directly into Windows. By the time Microsoft and other software makers responded, more than 300,000 Internet users, mostly located in and around Iran, were exposed to the certificates when accessing Google mail. Asked Wednesday afternoon if Microsoft planned to follow a similar path this time, company officials issued the following statement:
“We are aware of the mis-issued third-party certificates and we have not detected any of the certificates being issued against Microsoft domains. We are taking the necessary precautions to help ensure that our customers remain protected.”