0

Over the last couple of years, there were a few instances when some third party managed to create a SSL certificate for a domain that doesn't belong to them, for example google.com, or most recently github.com.

In my limited understanding, accessing a signed web site means my browser will compare the domain I'm accessing with the certificate it offers. So, if I somehow manage to get people to my phishing site called g00gle.com using the google.com certificate, my browser should complain that the certificate is not valid for this domain.

Obviously, I must be missing something here, this wouldn't be all over the news otherwise. What kind of mischief is possible, or likely, using a valid SSL certificate that points to someone else's domain?

vic
  • 536
  • 3
  • 11
  • Your title does suggest something else than the post. Are you talking about risk, or do you want to know how this attack could be made possible? Also have a look at http://security.stackexchange.com/q/135714/59575 – Yorick de Wid Sep 05 '16 at 10:07
  • I wish to understand which types of attacks are possible or likely using a rogue certificate. – vic Sep 05 '16 at 10:14
  • 1
    @vic: CA is certificate agency which is not short for certificate but some entity which issues certificates. While you've fixed this "typo" it is still unclear if you ask what somebody can do with a valid certificate for a domain he does not own (google.com) or with a certificate for a similar sounding domain he does own (g00gle.com). If you are interested in both then please ask two question because these are different issues, i.e. man in the middle attack vs. phishing. – Steffen Ullrich Sep 05 '16 at 11:09
  • @SteffenUllrich My question is what one can do with a certificate for a domain he does not own. I just mentioned g00gle.com as an example that would, in my understanding, not work. That's why I was asking for examples how such a certificate could be misused. The answer you gave in the linked question is helpful. – vic Sep 05 '16 at 11:59

2 Answers2

3

It is not needed to get a forged certificate for g00gle.com. The person behind the phishing site just needs to obtain a regular certificate for that domain. Of course requesting such a certificate may fail as a computer or a human may be triggered by the likeliness to google.com. But otherwise any owner of a domain can create a key pair and send a certificate request to any commercial CA. Note that registering has the nasty side effect of making yourself known to the CA.

It's not possible to use the orginal google.com certificate. The certificate contains the information about the site / site owner, the issuing CA and the public key. You would need the private key as well to use the google.com certificate.

The problem with certificates issued to rogue parties occurs during man-in-the-middle attacks where the communication can be routed to another computer. In that case the attacker can choose to intercept, read and change traffic to e.g. google.com. The attacker may also impersonate the server or anything in between.

In the case of google.com the Iranian government was involved. As it controls (most of) the infrastructure of Iran's internet the routing to another computer is easy. More close to home (for most of us), attackers can also setup rogue WiFi access points and use that to route traffic.

Note that plain DNS doesn't contain security measures, so anybody controlling the network also controls the way that IP addresses are mapped to names and vice versa.

SilverlightFox
  • 33,698
  • 6
  • 69
  • 185
Maarten Bodewes
  • 4,602
  • 15
  • 29
  • 3
    That was the missing piece, thanks for jump starting my brain. Basically, the attacker must be able to manipulate the DNS in some way in order to (mis)use the rogue certificate. The way I see it, there are only three ways, please correct me if I'm wrong or if there are more. 1) The attacker controls the network. 2) The attacker has write access to the users's hosts file. 3) The attacker has access to the authoritative DNS Server. – vic Sep 05 '16 at 10:25
  • 1
    This is why [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) is important. It adds digital signatures to DNS records. Unfortunately it isn't widely adopted yet. – Philipp Sep 05 '16 at 10:59
  • 2
    @Philipp: DNSSec does not help if the attacker already controls the path of the connection, i.e. with ARP spoofing, owning the router, owning the access point etc. DNSSec only helps against DNS spoofing which is only one of many ways for an attacker to control the flow of the connection. – Steffen Ullrich Sep 05 '16 at 11:14
0

@Vic In the attack by Iranian Hacker on DigiNotar, the attacker obtained the wildcard certificate for google.com and this certificate had domain name *.google.com

So, when a user typed google.com in the browser, using the compromised network, the attacker redirected the traffic to his own website such as phishing.google.com (or any such website in this domain). Because the attacker had the wildcard certificate for google which was presented to the browser, the browser was able to match the domain and was also able to verify that the certificate was signed by a valid CA (DigiNotar in this case). Thus, the google certificate was misused.

There may be other ways of carrying out such an attack that I'm not aware of.

AB123
  • 1