4

I'm not a security specialist, thus reading this Google Blog post about a fake *.google.com certificate, raises a lot of concerns, if anyone can impersonate a website, especially a google website, my naive understanding is that this can be used for phishing attacks and identity theft related fraud massively.

What I would like to ask, and please forgive my ignorance, is how a fake certificate useful this way, if I type X.google.com, it will go to a Google Sub-domain in any case (e.g. fraudster will need to also hack some DNSs / hosts to be able to redirect to his own malicious site, is that correct?)

My question is this, is a fake certificate only useful in combination of a DNS hijack (or any other method that will point the fake cert's target domain to a fraudulent IP, e.g. modifying hosts file etc?) i.e. I assume it's not useful if the user is clicking on a link a la givemeyourlogindetails.google.somehoaxdomain.com and tempted to think it's "real" just because the padlock is green (and I assume it won't be green anyway as the domain doesn't match)

I'm sure I'm missing some security 101, but I couldn't be sure I fully understand the big picture here.

Eran Medan
  • 851
  • 1
  • 10
  • 20
  • cf.: "[Can a nation-state adversary perform a MITM attack by compelling a CA to issue them with fake certs?](https://security.stackexchange.com/q/38199/29728)" – Geremia Sep 12 '15 at 04:31

2 Answers2

5

Is a fake certificate only useful in combination of a DNS hijack (or any other method that will point the fake cert's target domain to a fraudulent IP, e.g. modifying hosts file etc?)

... or man-in-the-middle by means of ARP or routing table changes by an ISP. In any case, some redirection that is undesirable for the end user must also occur.

The area of concern is that your browser trusts the issuing authority and the issuing authority sent a certificate to somebody who isn't the controller of the domain. Particularly with some governments, this can be very concerning as they can silently redirect anybody in their country by twisting an ISP's arm.

It's for this reason that I argue that DNSSEC should be used as another authentication channel for certificates to show that whatever was issued is also accepted to be published by the domain owner.

Jeff Ferland
  • 38,170
  • 9
  • 94
  • 172
  • Thanks, In other words, this can be used to redirect Google search results for example if some government wishes to censor something if I understand correctly? So I assume your comment about DNSSEC is related to having the DNS server be also "certified" so it's a real one and not one I created on a coffee shop open WiFi or something, did I get it right? – Eran Medan Jan 03 '13 at 21:51
  • @EranMedan Take some time to read up on http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions, but basically as long as the chain for the domain name supports DNSSEC, the server on your end doesn't matter. The client can independently verify answers for a signed domain. – Jeff Ferland Jan 03 '13 at 22:04
  • @EranMedan - Yes. The fake certificate means everything will look like its secure but its not actually secure. This is the reason the fake certificate not is no longer secure ( given all updates make it to the system in question ). Of course a fake certifcate is only helpful if you have a way to intercept the data between Google and the User. – Ramhound Jan 04 '13 at 13:52
2

This happens from time to time and is why revocation lists and regularly updating browsers is important. What happens is that a trusted certificate authority gets compromised and thus people are able to make certificates that appear to be valid. The browser checks the certificate and sees that it is signed by the CA and allows its use. As soon as a CA is detected as compromised, patches are issued for all the major browsers and OSes which remove that CA's certificate from the trusted root CAs at which point any certificates issued under that CA's root certificate will be invalid, including any that were maliciously issued.

It's an unfortunate reality that many shadier CAs do not protect their infrastructure well enough, but the problem is generally fixed rapidly when it does occur, so the likelihood of damage is generally fairly minimal for any particular user since they would also need to be able to redirect traffic.

In other words, having possession of a fake certificate signed by a hacked CA does not let them break connections that are established with the genuine certificate, but if they can get themselves in-between the targeted site and a user, they could then impersonate the site as a middle man until the CA's root certificate is revoked.

AJ Henderson
  • 41,896
  • 5
  • 63
  • 110
  • Thanks, so if I understand correctly, a legit certificate can actually protect me somehow from man in the middle attacks / DNS hijacking? (e.g. as long as the certificate is not hacked, then it will show as invalid if someone impersonates the target site?) – Eran Medan Jan 04 '13 at 15:50
  • @EranMedan - A certificate is a public key that corresponds to a private key. In an HTTPS or SSL connection, the client chooses a key and sends it to the server using the public key included in the certificate. Only the system holding the private key that corresponds to the public key can get access to the information that is exchanged. (continued) – AJ Henderson Jan 04 '13 at 16:56
  • @EranMedan (continued) - The job of a CA is to independently attest that a given public key actually belongs to the organization that the certificate claims in belongs to. Since CAs are trusted by browsers, if a CA signs a certificate, then the browser will believe that the public key belongs to the entity it claims to belong to. This doesn't mean that the rogue certificate has access to the private key of the real certificate, only that they can make a browser believe in the fake one. If you legitimately connect to google.com, then Google's real certificate would be used and the fake cert – AJ Henderson Jan 04 '13 at 17:00
  • 1
    doesn't let the attacker get any information. All it allows is that if the attacker can get between you and Google, they can pretend to be Google with their own rogue certificate. After the browser is patched to remove the trust of the compromised root certificate the rogue google.com certificate is no longer seen as valid though. – AJ Henderson Jan 04 '13 at 17:00
  • Thank you! you helped a lot to clear my blurry grasp on this :) – Eran Medan Jan 04 '13 at 20:33
  • @EranMedan - No problem. Glad I could help. – AJ Henderson Jan 04 '13 at 20:53