
Google, Mozilla, Apple Block the Kazakhstan Root CA Certificate to Stop Spying on Citizens’ Web Traffic


Google, Mozilla, and Apple have decided to block the Kazakhstan root CA certificate to protect the privacy of millions of users. This means Chrome, Firefox, and Safari will no longer trust the government-issued root certificate.

The security and privacy of HTTPS-encrypted communications in browsers such as Mozilla Firefox, Chrome, and Safari rely on trusted Certificate Authorities (CAs) issuing website certificates only to someone who controls the domain name or website, after verifying the site owner’s identity.

A shocking report published last July states that Kazakhstan forced its users to install a government-issued digital certificate on their devices through Internet Service Providers (ISPs).


The Kazakhstan government’s goal was to intercept users’ web traffic and activity through a man-in-the-middle (MitM) attack against HTTPS connections, without letting citizens know that they were being secretly monitored.

On July 18, citizens in Kazakhstan received notifications from their ISPs that they were required to install the security certificate on their devices; otherwise, their web traffic would be interrupted and they would be blocked from accessing the most popular sites, such as Google and Facebook.

It is extremely difficult for a government or cybercriminals to perform mass surveillance and intercept users’ traffic without direct control over end-user devices.

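But it becomes possible if users install a trusted digital certificate on their devices. Whoever holds that root’s private key can then issue certificates for any site that the device will accept, which opens the door to intercepting the encrypted traffic.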

According to the Censored Planet report, “Interception was first detected on July 17, and we have been tracking it continuously since July 20. It has stopped and started again several times. Only certain sites are intercepted, and interception is triggered based on the SNI hostname. At least 37 domains are affected, including social media and communication websites.”

allo.google.com, android.com, cdninstagram.com, dns.google.com, docs.google.com, encrypted.google.com, facebook.com, goo.gl, google.com, groups.google.com, hangouts.google.com, instagram.com, mail.google.com, mail.ru, messages.android.com, messenger.com, news.google.com, ok.ru, picasa.google.com, plus.google.com, rukoeb.com, sites.google.com, sosalkino.tv, tamtam.chat, translate.google.com, twitter.com, video.google.com, vk.com, vk.me, vkuseraudio.net, vkuservideo.net, www.facebook.com, www.google.com, www.instagram.com, www.messenger.com, www.youtube.com, youtube.com
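
The pattern in the Censored Planet quote above (per-SNI triggering, interception that stops and starts) can be recovered from TLS measurements, as in this added example, which is not code from the article or from Censored Planet. The record layout, the root fingerprints, the timestamps and the host `example.org` are constructed placeholders.

```python
from collections import defaultdict
from datetime import datetime

# Constructed placeholders standing in for root fingerprints in a browser root store.
PUBLIC_ROOTS = {"PUBLIC-ROOT-1", "PUBLIC-ROOT-2"}

# Constructed observations: (UTC time, SNI sent, root the returned chain ends in).
OBSERVATIONS = [
    ("2019-07-20T08:00", "facebook.com", "PUBLIC-ROOT-1"),
    ("2019-07-20T09:00", "facebook.com", "UNLISTED-ROOT-X"),
    ("2019-07-20T10:00", "facebook.com", "UNLISTED-ROOT-X"),
    ("2019-07-20T11:00", "facebook.com", "PUBLIC-ROOT-1"),
    ("2019-07-21T09:00", "facebook.com", "UNLISTED-ROOT-X"),
    ("2019-07-20T09:00", "vk.com", "UNLISTED-ROOT-X"),
    ("2019-07-20T09:00", "example.org", "PUBLIC-ROOT-2"),
    ("2019-07-20T10:00", "example.org", "PUBLIC-ROOT-2"),
]


def interception_windows(observations, public_roots):
    """Return {sni: [(first_seen, last_seen), ...]} for runs of observations
    whose chain ends in a root outside the public root store."""
    windows = defaultdict(list)
    start, last = {}, {}          # per-SNI state of the currently open run
    for ts, sni, root in sorted(observations):
        when = datetime.fromisoformat(ts)
        if root not in public_roots:
            start.setdefault(sni, when)
            last[sni] = when
        elif sni in start:        # a clean handshake closes the open run
            windows[sni].append((start.pop(sni), last.pop(sni)))
    for sni, began in start.items():   # runs still open at the end of the data
        windows[sni].append((began, last[sni]))
    return dict(windows)


def unaffected_hosts(observations, public_roots):
    """Hostnames probed but never intercepted: evidence the trigger is per-SNI."""
    probed = {sni for _, sni, _ in observations}
    return probed - set(interception_windows(observations, public_roots))


if __name__ == "__main__":
    for host, runs in interception_windows(OBSERVATIONS, PUBLIC_ROOTS).items():
        for began, ended in runs:
            print(f"{host}: intercepted {began:%m-%d %H:%M} to {ended:%m-%d %H:%M}")
    print("never intercepted:", sorted(unaffected_hosts(OBSERVATIONS, PUBLIC_ROOTS)))
```
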

Mozilla Bans the Kazakhstan Root CA Certificate in Firefox

Mozilla released a public statement saying that it has blocked the Kazakhstan root CA certificate, which will no longer be trusted by Firefox.

Firefox will not trust the Kazakhstan root CA certificate even if it has already been installed, protecting Firefox users in Kazakhstan from having their traffic intercepted.

According to Firefox, “We encourage users in Kazakhstan affected by this change to research the use of virtual private network (VPN) software, or the Tor Browser, to access the Web. We also strongly encourage anyone who followed the steps to install the Kazakhstan government root certificate to remove it from your devices and to immediately change your passwords, using a strong, unique password for each of your online accounts.”

When Firefox users who have already installed the certificate attempt to access any site, they will receive an error stating that the certificate should not be trusted.

Years ago, the Kazakhstan government asked Mozilla to add the root certificate to its list of trusted root certificates, but Mozilla declined over fears of possible misuse.

Google Blocks the Certificate in Chrome

Google has also taken appropriate steps and will block the certificate that the Kazakhstan government forced its citizens to install on their devices.

Google trusts TLS/SSL certificates installed locally on a user’s computer or mobile device for internal purposes, such as a corporate environment that intercepts and monitors internal traffic.

But intercepting public traffic is totally against users’ privacy when they are accessing the public internet, Google said.

According to a Google report, “The certificate has been blocked and added to CRLSet. No action is needed by users to be protected. In addition, the certificate has been added to a blocklist in the Chromium source code and thus should be included in other Chromium-based browsers in due course.”

Apart from Google and Mozilla, Apple has also decided to block the root certificate issued by the Kazakhstan CA.

Apple told Ars Technica, “We have taken action to ensure the certificate is not trusted by Safari and our users are protected from this issue. This covers Safari for both iOS and macOS.”


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
