Tuesday, March 19, 2024

Google, Mozilla, Apple Block the Kazakhstan Root CA Certificate to Stop Spying on Citizens’ Web Traffic

Google, Mozilla, and Apple decided to ban the Kazakhstan root CA certificate to protect the privacy of millions of users, which means Chrome, Firefox, and Safari will no longer trust the government-issued root certificate.

The security and privacy of HTTPS-encrypted communications in browsers such as Mozilla Firefox, Chrome, and Safari rely on trusted Certificate Authorities (CAs) issuing website certificates only to someone who controls the domain name or website, after verifying the site owner’s identity.

A shocking report published last July states that Kazakhstan forced its users to install a government-issued digital certificate on their devices through Internet Service Providers (ISPs).

The Kazakhstan government’s goal was to intercept users’ web traffic and activities through a man-in-the-middle (MitM) attack against HTTPS connections, without letting citizens know that they were being secretly monitored.

On July 18, citizens in Kazakhstan received notifications from their ISPs that they were required to install the security certificate on their devices; otherwise, their web traffic would be interrupted and they would be blocked from accessing the most popular sites, such as Google and Facebook.

It is extremely difficult for a government or cybercriminals to perform mass surveillance by intercepting users’ traffic without direct control over end-user devices.

But it becomes possible if users install a trusted digital certificate on their devices, because the browser will then accept any website certificate issued under that root, which opens the door to intercepting the encrypted traffic.

According to the Censored Planet report, “Interception was first detected on July 17, and we have been tracking it continuously since July 20. It has stopped and started again several times. Only certain sites are intercepted, and interception is triggered based on the SNI hostname. At least 37 domains are affected, including social media and communication websites.”

allo.google.com, android.com, cdninstagram.com, dns.google.com, docs.google.com, encrypted.google.com, facebook.com, goo.gl, google.com, groups.google.com, hangouts.google.com, instagram.com, mail.google.com, mail.ru, messages.android.com, messenger.com, news.google.com, ok.ru, picasa.google.com, plus.google.com, rukoeb.com, sites.google.com, sosalkino.tv, tamtam.chat, translate.google.com, twitter.com, video.google.com, vk.com, vk.me, vkuseraudio.net, vkuservideo.net, www.facebook.com, www.google.com, www.instagram.com, www.messenger.com, www.youtube.com, youtube.com

Mozilla Bans the Kazakhstan Root CA Certificate in Firefox

Mozilla released a public statement saying that it is blocking the Kazakhstan root CA certificate, which will no longer be trusted by Firefox.

Firefox will not trust the Kazakhstan root CA certificate even if it is already installed, as a way to protect the privacy of Firefox users in Kazakhstan from interception.

According to Firefox, “We encourage users in Kazakhstan affected by this change to research the use of virtual private network (VPN) software, or the Tor Browser, to access the Web. We also strongly encourage anyone who followed the steps to install the Kazakhstan government root certificate to remove it from your devices and to immediately change your passwords, using a strong, unique password for each of your online accounts.”

When Firefox users who have already installed the certificate attempt to access any site, they will receive an error stating that the certificate should not be trusted.

Years back, the Kazakhstan government requested that Mozilla add the root certificate to the list of other root certificates, but fearing possible misuse, Mozilla declined to add it.

Google Blocks the Certificate in Chrome

Google has also taken appropriate steps and will block the certificate that the Kazakhstan government forced its citizens to install on their devices.

Google trusts locally installed TLS/SSL certificates on a user’s computer or mobile device for internal purposes, such as a corporate environment that intercepts and monitors internal traffic.

But intercepting public traffic is totally against users’ privacy when they are accessing the public internet, Google said.

According to a Google report, “The certificate has been blocked and added to CRLSet. No action is needed by users to be protected. In addition, the certificate has been added to a blocklist in the Chromium source code and thus should be included in other Chromium-based browsers in due course.”

Apart from Google and Mozilla, Apple has also decided to block the root certificate issued by the Kazakhstan CA.

Apple told Ars Technica, “We have taken action to ensure the certificate is not trusted by Safari and our users are protected from this issue. This covers Safari for both iOS and macOS.”
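The trust logic behind the browser fixes, as an added example that is not from the article or from any browser's code: a locally installed root makes certificates issued under it validate, and a fingerprint blocklist applied before local trust reverses that. All names, keys and certificates are constructed with the openssl CLI; the real certificate's fingerprint is not on this page, so a generated one stands in.

```bash
# Constructed demo: every key, name and certificate here is generated locally.
set -eu
work=$(mktemp -d); store="$work/store"; mkdir "$store"

# SHA-256 fingerprint of a certificate as bare hex.
fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2 | tr -d ':'; }

# Create a self-signed root: mkroot <common-name> <path-prefix>
mkroot() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$2.key" -out "$2.pem" 2>/dev/null
}

# Validate <leaf> against the roots in <store-dir>, skipping any root whose
# fingerprint is in <blocklist-file>: the vendor blocklist is applied before
# local trust, so a manually installed root cannot override it.
trust_decision() {
  local leaf=$1 dir=$2 blocklist=$3 bundle root
  bundle=$(mktemp)
  for root in "$dir"/*.pem; do
    grep -qixF "$(fp "$root")" "$blocklist" && continue
    cat "$root" >> "$bundle"
  done
  if openssl verify -CAfile "$bundle" "$leaf" >/dev/null 2>&1
  then echo trusted; else echo rejected; fi
}

# A stand-in for the roots a device ships with, and a second root standing in
# for one that users were told to install (hypothetical names).
mkroot "Shipped Example Root" "$store/shipped"
mkroot "User Installed Example Root" "$work/forced"

# A certificate for a hostname, issued under the second root.
openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
  -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
openssl x509 -req -in "$work/leaf.csr" -CA "$work/forced.pem" \
  -CAkey "$work/forced.key" -set_serial 1 -days 1 -out "$work/leaf.pem" 2>/dev/null

empty="$work/empty.txt"; : > "$empty"
blocked="$work/blocked.txt"; fp "$work/forced.pem" > "$blocked"

before=$(trust_decision "$work/leaf.pem" "$store" "$empty")      # root not installed
cp "$work/forced.pem" "$store/forced.pem"
installed=$(trust_decision "$work/leaf.pem" "$store" "$empty")   # root installed
after=$(trust_decision "$work/leaf.pem" "$store" "$blocked")     # installed but blocklisted
echo "before=$before installed=$installed after=$after"
```

The middle case is the state of a device that followed the ISP instructions; the last case is the same device after a browser update that ships the blocklist.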

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
