Google, Mozilla, and Apple Block the Kazakhstan Root CA Certificate to Stop Spying on Citizens’ Web Traffic

Google, Mozilla, and Apple decided to ban the Kazakhstan root CA certificate to protect the privacy of millions of users. This means Chrome, Firefox, and Safari will no longer trust the government-issued root certificate.

The security and privacy of HTTPS-encrypted communications in browsers such as Mozilla, Chrome, and Safari rely on trusted Certificate Authorities (CAs) issuing website certificates only to someone who controls the domain name or website, after verifying the site owner’s identity.

A shocking report published last July states that Kazakhstan forced its users, through Internet Service Providers (ISPs), to install a government-issued digital certificate on their devices.

The Kazakhstan government’s goal was to intercept users’ web traffic and activities through a man-in-the-middle (MitM) attack against HTTPS connections, without letting citizens know that their activities were being secretly monitored.

On July 18, citizens in Kazakhstan received notifications from their ISPs that they were required to install the security certificate on their devices; otherwise they would face interruptions to their web traffic and be blocked from accessing the most popular sites, such as Google, Facebook, and more.

It is extremely difficult for a government or cybercriminals to perform mass surveillance and intercept users’ traffic without direct control over end-user devices.

But it becomes possible if users install a trusted digital certificate on their devices, which opens the door to intercepting encrypted traffic.

According to the Censored Planet report, “Interception was first detected on July 17, and we have been tracking it continuously since July 20. It has stopped and started again several times. Only certain sites are intercepted, and interception is triggered based on the SNI hostname. At least 37 domains are affected, including social media and communication websites.”

allo.google.com, android.com, cdninstagram.com, dns.google.com, docs.google.com, encrypted.google.com, facebook.com, goo.gl, google.com, groups.google.com, hangouts.google.com, instagram.com, mail.google.com, mail.ru, messages.android.com, messenger.com, news.google.com, ok.ru, picasa.google.com, plus.google.com, rukoeb.com, sites.google.com, sosalkino.tv, tamtam.chat, translate.google.com, twitter.com, video.google.com, vk.com, vk.me, vkuseraudio.net, vkuservideo.net, www.facebook.com, www.google.com, www.instagram.com, www.messenger.com, www.youtube.com, youtube.com

Mozilla Bans the Kazakhstan Root CA Certificate in Firefox

Mozilla released a public statement saying that it has blocked the Kazakhstan root CA certificate and that Firefox will no longer trust it.

Firefox will not trust the Kazakhstan root CA certificate even if it is already installed. This protects Firefox users in Kazakhstan from having their private traffic intercepted.

According to Firefox, “We encourage users in Kazakhstan affected by this change to research the use of virtual private network (VPN) software, or the Tor Browser, to access the Web. We also strongly encourage anyone who followed the steps to install the Kazakhstan government root certificate to remove it from your devices and to immediately change your passwords, using a strong, unique password for each of your online accounts.”

Firefox users who have already installed the certificate and attempt to access any site will receive an error stating that the certificate should not be trusted.

Years ago, the Kazakhstan government asked Mozilla to add its root certificate to Mozilla’s list of root certificates, but Mozilla declined, fearing it could be misused.

Google Blocks the Certificate in Chrome

Google has also taken appropriate steps and will block the certificate that the Kazakhstan government forced its citizens to install on their devices.

Google trusts TLS/SSL certificates that are locally installed on a user’s computer or mobile device for internal purposes, such as a corporate environment that intercepts and monitors internal traffic.

But intercepting public traffic is totally against users’ privacy when they are accessing the public internet, Google said.

According to a Google report, “The certificate has been blocked and added to CRLSet. No action is needed by users to be protected. In addition, the certificate has been added to a blocklist in the Chromium source code and thus should be included in other Chromium-based browsers in due course.”
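The behaviour described above for Firefox and Chrome, where a locally installed root stays trusted unless it is on a blocklist, sketched as an added example (not Mozilla's or Google's code). It assumes the blocklist is keyed on the SHA-256 fingerprint of the DER certificate; the certificate bytes and blocklist entry are constructed placeholders, not the real Kazakhstan root.

```python
import base64
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def fingerprints(pem_bundle: str) -> list[str]:
    """Return the SHA-256 fingerprint (hex) of every certificate in a PEM bundle."""
    found = []
    for body in PEM_BLOCK.findall(pem_bundle):
        der = base64.b64decode("".join(body.split()))
        found.append(hashlib.sha256(der).hexdigest())
    return found


def audit_store(local_roots_pem: str, blocklist: set[str]) -> dict[str, list[str]]:
    """Split locally installed roots into trusted and blocked.

    A blocklisted root is rejected even though the user installed it;
    every other local root (e.g. a corporate inspection CA) stays trusted.
    """
    result = {"trusted": [], "blocked": []}
    for fp in fingerprints(local_roots_pem):
        result["blocked" if fp in blocklist else "trusted"].append(fp)
    return result


# Constructed sample data: these byte strings stand in for DER certificates.
# They are NOT real certificates and NOT the certificate discussed in the article.
CORPORATE_ROOT = b"constructed placeholder: corporate inspection root"
FORCED_ROOT = b"constructed placeholder: government-mandated root"
CORPORATE_FP = hashlib.sha256(CORPORATE_ROOT).hexdigest()
FORCED_FP = hashlib.sha256(FORCED_ROOT).hexdigest()

SAMPLE_STORE = (ssl.DER_cert_to_PEM_cert(CORPORATE_ROOT)
                + ssl.DER_cert_to_PEM_cert(FORCED_ROOT))
SAMPLE_BLOCKLIST = {FORCED_FP}  # hypothetical blocklist with one entry

if __name__ == "__main__":
    report = audit_store(SAMPLE_STORE, SAMPLE_BLOCKLIST)
    for fp in report["blocked"]:
        print("BLOCKED, remove from store:", fp)
    for fp in report["trusted"]:
        print("trusted local root:", fp)
```

To audit a real store, pass the contents of an exported PEM bundle as `local_roots_pem` and a set of fingerprints taken from a vendor's published blocklist.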

Apart from Google and Mozilla, Apple also decided to block the root certificate issued by Kazakhstan CA.

Apple told Ars Technica, “We have taken action to ensure the certificate is not trusted by Safari and our users are protected from this issue. This covers Safari for both iOS and macOS.”

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
