Jump to content
OpenSecurity.global
  • Recently Browsing   0 members

    No registered users viewing this page.

Sign in to follow this  
Tim Casey

Kazakhstan breaking SSL encryption nationwide

Recommended Posts

A thread to discuss technicalities of the Kazakhstan government requiring ISPs to try to get their users to install a government browser root certificate. I admit I don't understand all of it and why I'm grateful for this site.

The news articles say it's an attempt to man-in-the-middle their people, but trying to understand how. Your browser already comes pre-installed with a bunch of root certificates. How does adding another one mitm you? Correct me if I'm wrong, but I think the installation of the certificate is only part of the hack, ISPs were blocking all non-SSL/TLS traffic until the certificate was installed. So I think the more interesting stuff is going on behind the scenes at the Kazakhstan's ISPs. How do they do it? Did they install proxy servers in front of their customer's network traffic? 

I recall some malware using stolen certificates from trusted certificate authorities, but that's different. What I think is happening is the browser with the government root certificate connects to the ISP, where they can intercept traffic to certain sites, and the proxy server is using the legitimate certificate facing the SSL site, facebook for example. Why doesn't the browser know not to use the KZ certificate when connecting to the site?

And if this is possible could the company you work for be doing the same thing, but only without your knowledge? 🙂

Share this post


Link to post

So lots of ISPs (including in the UK) proxy HTTP traffic - eg every BT customer and ADSL customer using OpenReach network go through transparent proxy. 

In Kazakhstan they’re also now proxying all HTTPS traffic, by requiring all devices have a root CA installed to allow transparent decryption. This is how SSL/TLS interception works in the enterprise, it allows them to sniff any encrypted traffic as needed. 

Share this post


Link to post

There's technical thing on how they're doing it here: https://censoredplanet.org/kazakhstan

Amusing one is it's pitched as preventing malware and fraud, but the list of censored sites is all stuff allowing communication interception and news site altering.  Shocked!

  • Like 1

Share this post


Link to post

Thanks for the link! and kudos to UofM (Go State!).

So it appears that the root CA KZ was asking users to install was "fake" or fraudulent. I need to research more how root CAs work in browsers. For example what is the nature of the certificate that overrode the ones provided by the browser company?

And more importantly, why haven't browser companies included protections against this?

Share this post


Link to post

This is how enterprises monitor SSL traffic - e.g. here we install a self-signed root CA on every endpoint, and then intercept traffic.  Browsers have never protected against it.

So as I'm browsing this at work in Chrome I see a valid certificate, but if I look it is signed by somebody else (i.e. my work):

image.png.51924a0707748860b707409700e4fdba.png

This site is also served with TLS 1.3, which many people in InfoSec think can't be intercepted - but it can as we do it.  TLS 1.3 has become another one of those InfoSec urban myths.

  • Like 1

Share this post


Link to post

How does the browser know which root CA to use? Been researching chain of trust. If you surf to facebook.com, the browser looks for the root CA that originally signed the facebook cert loaded on facebook servers. At your work do you have to remove the other root CA certs?

I'm thinking if there is a browser extension that can warn you if someone has mitm you...

Share this post


Link to post

When the person browses to Facebook, we intercept the traffic and rewrite it with our own certificate. So the browser uses our cert. 

Share this post


Link to post
2 minutes ago, Kevin Beaumont said:

When the person browses to Facebook, we intercept the traffic and rewrite it with our own certificate. So the browser uses our cert. 

I understand that. But how does the browser know to use your cert rather than the one that would be there on your home system... do you remove all the vendor supplied root CAs?

Share this post


Link to post
8 hours ago, Tim Casey said:

I understand that. But how does the browser know to use your cert rather than the one that would be there on your home system... do you remove all the vendor supplied root CAs?

No, the browser just uses whatever cert it is told to use. 

Share this post


Link to post
On 7/25/2019 at 4:08 AM, Kevin Beaumont said:

No, the browser just uses whatever cert it is told to use. 

Do you have any documentation on how you do this? For MS systems you'd probably do a GPO as the certificates are in the OS. Firefox has it's own.

 

Share this post


Link to post
16 minutes ago, Tim Casey said:

Do you have any documentation on how you do this? For MS systems you'd probably do a GPO as the certificates are in the OS. Firefox has it's own.

 

For Internet Explorer, Edge and Chrome you just inject it into the Windows CA store, you can do this with Group Policy.

For Firefox, https://wiki.mozilla.org/CA/AddRootToFirefox

In the case of Kazakhstan they just get people to manually import it.

Share this post


Link to post

What I still don’t understand: There are lots of root CAs in the cert store or browser. How does adding one, negate the others? Where is the logic that says “Use this CA and not the others” ?

Share this post


Link to post
20 hours ago, Tim Casey said:

What I still don’t understand: There are lots of root CAs in the cert store or browser. How does adding one, negate the others? Where is the logic that says “Use this CA and not the others” ?

If somebody/something is intercepting the traffic at network layer, it can present whatever certificate it wants.  So say on a corporate network, you intercept the traffic and rewrite it to use a custom CA signed certificate - that way the client end trusts it, and you can see inside the traffic.

Share this post


Link to post

I'm trying to understand how the browser works. How does it know which CA cert to use? This firefox documentation I think is the best Mozilla has from a user standpoint.

https://wiki.mozilla.org/PSM:Changing_Trust_Setting

There is probably some developer documentation that gets more detail. Another thing to look at is the KZ hack. Anyone have screenshots of the instructions the KZ ISP/government gave it's users? You'd probably have to translate it, I doubt they were in English.

Share this post


Link to post

The browser just uses whichever certificate it has been provided via the network and validates it as usual, e.g. if the cert is signed by a CA it trusts and the certificate is valid, it doesn't show a warning.

I don't have a link to hand re the Kazakhstan certificate but the website is reachable, it just tells you have to install it on different devices.

Share this post


Link to post

I feel like I’m stuck in a loop. 😉

I don’t think you can mitm without messing with the browser or OS, otherwise the KZ gov/ISP would not have asked users to install the fraudulent root CA. 

So I’ve been searching for my answer, and I’ve come up with something close.

https://images.app.goo.gl/Mrz4ELyN5kfm2mUL9

and here is a description of software called Cert Patrol that actually explains how problematic intermediate certificates are and some extensions that can help users detect problems with certs:

http://patrol.psyced.org/

 

Edited by Tim Casey

Share this post


Link to post

Nobody said you can do it without requiring OS and user changes - the thread specifically says you need them 😀

The government in this case requires people manually install a certificate to view HTTPS websites. 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Members online now

    No members to show

×
×
  • Create New...

Important Information

We use cookies as we're cookie monsters. Privacy Policy