
Law Enforcement Devices Undermine SSL



The small padlock in your browser window, indicating that you are communicating securely with your bank or e-mail provider, does not always mean what it should.

Typically, when a user visits a secure website, such as Bank of America, Gmail, PayPal or eBay, the browser examines the website's certificate to verify its authenticity.

However, at a recent wiretapping convention, security researcher Chris Soghoian discovered that a small company was offering Internet surveillance devices to federal agencies that intercept such communications without breaking the encryption: instead of the genuine certificates that real websites use to establish secure connections, the devices present forged ones. To use the device, the government must obtain a forged certificate from any of the more than 100 trusted Certificate Authorities.

The attack is a classic man-in-the-middle attack: Alice thinks she is talking directly to Bob, but Mallory has found a way to get into the middle and relay messages back and forth so that neither Alice nor Bob knows she is there.

According to leading encryption expert Matt Blaze, a professor of computer science at the University of Pennsylvania, the existence of the product indicates a vulnerability that can be exploited not only by information-hungry governments.

“If a company is selling this to law enforcement and intelligence organizations, it’s not such a big leap to conclude that other, more evil people have worked out in detail how to take advantage of it,” says Blaze.

The company, Packet Forensics, advertised its new man-in-the-middle capabilities in brochures distributed at the Intelligence Support Systems (ISS) conference, a Washington-based wiretapping convention that does not normally admit the press. Soghoian attended the convention, where he notably recorded a Sprint manager boasting about the huge volume of government orders for wiretaps.

According to the flyer: “Users have the ability to import copies of any legitimate keys they obtain (possibly through the courts), or they can generate ‘look-alike’ keys designed to give a false sense of confidence in their authenticity.” The product is pitched to government investigators: “IP communications dictate the need to examine encrypted traffic at will,” and “Your investigators will collect their best evidence while users are lulled into the false sense of security afforded by web, e-mail or VOIP encryption.”

Packet Forensics does not advertise the product on its website, and when asked about it, the company wanted to know how Wired.com had learned of it. Company spokesman Ray Saulino initially denied that the product existed or that anyone was using it. But when he called back the next day, Saulino changed his position.

“The technology we use in our products is openly discussed in Internet forums, and there is nothing special or unique about it,” said Saulino. “Our target audience is law enforcement officers.”

Blaze described the vulnerability as an exploitation of the architecture by which SSL is used to encrypt web traffic, not as an attack on the encryption itself. SSL, which many users know as HTTPS, allows browsers to communicate with servers over a fully encrypted connection, so that no one between the browser and the company's server can eavesdrop on the data. Ordinary HTTP traffic can be read by anyone between you and the site: your ISP, a wiretap installed at your ISP, or, on an unprotected Wi-Fi connection, anyone with a simple packet-sniffing tool.

In addition to encrypting traffic, SSL confirms that your browser is communicating with the particular site you intended to reach. To this end, browser makers trust a large number of Certificate Authorities: companies that promise to verify the identity of a site's operator and its ownership of the domain before issuing a certificate. A basic certificate costs less than $50 today and is installed on the website's server, vouching that BankofAmerica.com is really operated by Bank of America. Browser makers have accredited more than a thousand Certificate Authorities around the world, and a certificate issued by any one of them is accepted as valid.

To use the Packet Forensics device, a law enforcement or intelligence agency would have to install it at your ISP and convince one of the Certificate Authorities, whether with money, blackmail or legal pressure, to issue a fake certificate for the target site. After that, it can intercept your username and password and see everything you do on the site.

Technologists at the Electronic Frontier Foundation, who are working on a proposal to eliminate this entire class of problem, said that criminals can use similar methods to steal your money or your passwords. In that case the attackers would more likely deceive a Certificate Authority, as happened last year when two security researchers demonstrated how they could obtain certificates for any domain on the Internet using only special characters in the domain name.

“These attacks are not very complex,” said Seth Schoen, an EFF technologist. “There is software freely distributed among security enthusiasts and the underground that automates these [attacks].”

China, known for spying on dissidents and Tibetan activists, could use such an attack against users of supposedly secure services, including some virtual private networks (VPNs), which are commonly used to tunnel through the censorship of China's firewall. All it would have to do is convince a Certificate Authority to issue a fake certificate. When Mozilla added the China Internet Network Information Center as a trusted Certificate Authority in Firefox this year, it caused a storm of controversy and raised fears that the Chinese government would succeed in pressing the organization to issue fake certificates in support of state surveillance.

Mozilla Firefox maintains its own list of 144 root authorities. Other browsers rely on lists supplied by the operating-system vendor, which run to 264 for Microsoft and 166 for Apple. These root authorities can in turn certify subordinate authorities, which can certify still more, and all of them are trusted equally by the browser.

The list of trusted root authorities includes Etisalat of the United Arab Emirates, a company that was caught last summer secretly pushing spyware to the BlackBerry devices of a hundred thousand of its customers.

Soghoian says that fake certificates could be the perfect mechanism for countries hoping to steal intellectual property from visiting business travellers. The researcher published a paper (.pdf) on the risks this Wednesday, and promised that he would soon release a Firefox add-on that notifies users when a site's certificate was issued by an authority in a different country than the previous certificate the user's browser received from that site.

Schoen and his EFF colleagues, technologist Peter Eckersley and security expert Chris Palmer, want to go further and draw on information from different parts of the web, so that browsers can eventually warn a user with confidence when they are being attacked with a fake certificate. Today, browsers warn users when they encounter a certificate that does not belong to the site, but many people simply click through, despite several warnings.

“The main thing is that in the status quo there is no double-checking and no accountability,” said Schoen. “So if a Certificate Authority does something it shouldn’t, no one will know, no one will notice. We think that at a minimum it needs to be double-checked.”

The EFF is proposing a mode that would rely on a second layer of independent notaries vouching for each certificate, or an automated mechanism that uses anonymous exits through Tor nodes to check that the same certificate is being presented from different vantage points on the Internet, in case the user's own ISP has been compromised, whether by a criminal, by a government, or by a government agency using something like the Packet Forensics device.
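The trust model described earlier (a certificate from any one of the accredited authorities is accepted for any site) and the continuity checks behind Soghoian's add-on and the EFF's notary proposal, shown together in an added Go example that is not part of the original article or of any of the projects it mentions; the authority names, serial numbers and the host bank.example are constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// template builds a minimal root (isCA) or site certificate template; names and serials are constructed, not real.
func template(name string, serial int64, isCA bool) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
}
// issue signs tmpl with the parent's key; with parent == nil it produces a self-signed root.
func issue(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	if parent == nil {
		parent, parentKey = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, priv
}
// chainsToTrustedRoot asks the browser's question: does cert validate for host under any trusted root?
func chainsToTrustedRoot(cert *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err == nil
}
// spkiPin is the continuity check: remember the site's public-key hash and flag a change even when the chain validates.
func spkiPin(cert *x509.Certificate) [32]byte { return sha256.Sum256(cert.RawSubjectPublicKeyInfo) }

func main() { // constructed scenario: a store trusting two roots, the site's own certificate, a substitute from the other root
	honestRoot, hKey := issue(template("Honest Root CA", 1, true), nil, nil)
	otherRoot, oKey := issue(template("Other Trusted CA", 2, true), nil, nil)
	siteCert, _ := issue(template("bank.example", 3, false), honestRoot, hKey)
	substitute, _ := issue(template("bank.example", 4, false), otherRoot, oKey)
	roots := x509.NewCertPool()
	roots.AddCert(honestRoot)
	roots.AddCert(otherRoot)
	fmt.Println(chainsToTrustedRoot(siteCert, roots, "bank.example"), chainsToTrustedRoot(substitute, roots, "bank.example"), spkiPin(siteCert) == spkiPin(substitute)) // true true false
}
```

Both chains validate because the store trusts both roots; only the remembered key hash distinguishes the substitute, which is what a per-site continuity check or a cross-vantage-point notary can catch.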

One of the most interesting questions raised by the Packet Forensics product is how often governments use such technology and co-opt Certificate Authorities. Christine Jones, General Counsel of GoDaddy, one of the largest issuers of SSL certificates, says her company has not received such a request from the government in all eight years of its business. “I have read studies and heard presentations in academic circles that theorize about the concept, but we would never issue a fake SSL certificate,” Jones said, adding that doing so would violate SSL audit standards and put the company at risk of losing its accreditation. “Theoretically it should work, but the fact is, we receive requests from law enforcement every day, and in all the time we have been doing this there has never been a single case where law enforcement asked us to do something inappropriate.”

VeriSign, the largest Certificate Authority, declined to comment.

Matt Blaze noted that local law enforcement agencies can obtain many records, such as Amazon purchases, simply by subpoena, whereas obtaining fake SSL certificates to get at the same data clearly carries a much greater burden of proof and far more technical difficulty.

Intelligence agencies will find fake certificates more useful, he added. If the NSA obtained a fake certificate for Gmail, which now uses SSL by default for the entire e-mail session (not just the login), it could covertly install one of the Packet Forensics devices at an ISP, in Afghanistan for example, to read the Gmail messages of all of that ISP's customers. Such attacks, however, can be detected with a little digging, and the NSA would never know it had been discovered.

Despite the vulnerabilities, experts insist that more sites should join Gmail in wrapping entire sessions in SSL.

“I still close my door, even though I know it can be opened without a key,” said Blaze.

Source: https://habr.com/ru/post/88923/

