
Google, Mozilla, Apple Block the Kazakhstan Root CA Certificate to Stop Spying on Citizens’ Web Traffic

Google, Mozilla, and Apple decided to ban the Kazakhstan root CA certificate to protect the privacy of millions of users. This means Chrome, Firefox, and Safari will no longer trust the government-issued root certificate.

The security and privacy of HTTPS-encrypted communications in browsers such as Mozilla, Chrome, and Safari rely on trusted Certificate Authorities (CAs) issuing website certificates only to someone who controls the domain name or website, after verifying the site owner’s identity.

A shocking report published last July states that Kazakhstan forced its users to install a government-issued digital certificate on their devices through Internet Service Providers (ISPs).

The Kazakhstan government’s goal was to intercept users’ web traffic and activities, secretly monitoring citizens through a man-in-the-middle (MitM) attack against HTTPS connections without letting them know.

On July 18, citizens in Kazakhstan received notifications from their ISPs that they were required to install the security certificate on their devices; otherwise their web traffic would be interrupted and they would be blocked from accessing the most popular sites, such as Google and Facebook.

It is extremely difficult for a government or cybercriminals to perform mass surveillance and intercept users’ traffic without direct control over end-user devices.

But it becomes possible once users install a trusted digital certificate on their devices, because the browser then accepts certificates issued under that root for any website. That opens the door to intercepting the encrypted traffic.

According to the Censored Planet report, “Interception was first detected on July 17, and we have been tracking it continuously since July 20. It has stopped and started again several times. Only certain sites are intercepted, and interception is triggered based on the SNI hostname. At least 37 domains are affected, including social media and communication websites”

allo.google.com, android.com, cdninstagram.com, dns.google.com, docs.google.com, encrypted.google.com, facebook.com, goo.gl, google.com, groups.google.com, hangouts.google.com, instagram.com, mail.google.com, mail.ru, messages.android.com, messenger.com, news.google.com, ok.ru, picasa.google.com, plus.google.com, rukoeb.com, sites.google.com, sosalkino.tv, tamtam.chat, translate.google.com, twitter.com, video.google.com, vk.com, vk.me, vkuseraudio.net, vkuservideo.net, www.facebook.com, www.google.com, www.instagram.com, www.messenger.com, www.youtube.com, youtube.com

Mozilla Bans the Kazakhstan Root CA Certificate in Firefox

Mozilla released a public statement that it is blocking the Kazakhstan root CA certificate, which will no longer be trusted by Firefox.

Firefox will not trust the Kazakhstan root CA certificate even if it is already installed, which protects Firefox users in Kazakhstan from having their traffic intercepted.

According to Firefox, “We encourage users in Kazakhstan affected by this change to research the use of virtual private network (VPN) software, or the Tor Browser, to access the Web. We also strongly encourage anyone who followed the steps to install the Kazakhstan government root certificate to remove it from your devices and to immediately change your passwords, using a strong, unique password for each of your online accounts.”

When Firefox users who have already installed the certificate attempt to access any site, they will receive an error stating that the certificate should not be trusted.

Years ago, the Kazakhstan government asked Mozilla to add the root certificate to its list of trusted root certificates, but Mozilla declined for fear of possible misuse.
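Mozilla's advice to remove the forced root certificate can be checked mechanically by auditing an exported trust store against a fingerprint blocklist. The script below is an added example, not code from Mozilla or the original article; the sample "certificates" are constructed byte strings and the blocked fingerprint is a placeholder, because the article does not publish the real certificate's fingerprint.

```python
import base64
import hashlib
import re

# Matches each certificate block; any text between blocks is ignored.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def normalize_fingerprint(fp):
    """Accept colon-separated, spaced or plain hex; return 64 lowercase hex chars."""
    cleaned = re.sub(r"[^0-9a-fA-F]", "", fp).lower()
    if len(cleaned) != 64:
        raise ValueError(f"not a SHA-256 fingerprint: {fp!r}")
    return cleaned


def audit_bundle(pem_text, blocked_fingerprints):
    """Return [(position, sha256_hex)] for each blocked certificate found."""
    blocked = {normalize_fingerprint(fp) for fp in blocked_fingerprints}
    findings = []
    for position, match in enumerate(PEM_BLOCK.finditer(pem_text)):
        try:
            der = base64.b64decode("".join(match.group(1).split()), validate=True)
        except ValueError:  # corrupt base64: skip the block, keep auditing
            continue
        fingerprint = hashlib.sha256(der).hexdigest()
        if fingerprint in blocked:
            findings.append((position, fingerprint))
    return findings


def to_pem(der):
    """PEM-encode DER bytes (used only to build the sample bundle)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


# Constructed sample data: these byte strings stand in for DER-encoded
# certificates so the audit runs offline; they are not real certificates.
SAMPLE_DER = [b"constructed-public-root-A", b"constructed-forced-root",
              b"constructed-public-root-B"]
SAMPLE_BUNDLE = "# exported trust store (constructed)\n" + "".join(map(to_pem, SAMPLE_DER))
# Placeholder blocklist entry in colon-separated form; replace it with the
# fingerprint published by the browser vendor for the blocked root.
_hex = hashlib.sha256(SAMPLE_DER[1]).hexdigest().upper()
PLACEHOLDER_BLOCKED = ":".join(_hex[i:i + 2] for i in range(0, 64, 2))

if __name__ == "__main__":
    for position, fp in audit_bundle(SAMPLE_BUNDLE, [PLACEHOLDER_BLOCKED]):
        print(f"certificate #{position} matches blocked fingerprint {fp}")
```

For a real audit, pass the text of a PEM export of the device or browser trust store as `pem_text`.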

Google Blocks the Certificate in Chrome

Google has also taken appropriate steps and will block the certificate that the Kazakhstan government forced its citizens to install on their devices.

Google trusts locally installed TLS/SSL certificates on a user’s computer or mobile device for internal purposes, such as a corporate environment that intercepts and monitors internal traffic.

But intercepting public traffic is totally against users’ privacy when they are accessing the public internet, Google said.

According to a Google report, “The certificate has been blocked and added to CRLSet. No action is needed by users to be protected. In addition, the certificate has been added to a blocklist in the Chromium source code and thus should be included in other Chromium-based browsers in due course.”

Apart from Google and Mozilla, Apple also decided to block the root certificate issued by the Kazakhstan CA.

Apple told Ars Technica, “We have taken action to ensure the certificate is not trusted by Safari and our users are protected from this issue. This covers Safari for both iOS and macOS.”


Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
