1

I tried sniffing TLS web traffic on my own network and I always run against the following complications:

  • I need to install an additional root cert on my devices
  • I need to root my phone to do certificate pinning bypass

For a government this is even harder, isn't it?

  • I have a hard time believing that everyone's phone gets a government root cert injected. Do they do this as part of mobile phone distribution? What if someone buys a phone in another country?
  • I have a hard time believing that the government has root on all devices (by the way, if they have this, why bother with MiTM? They own the device)

And yet, I keep hearing how the governments are able to spy on their citizens and proactively "crack down" on people "misbehaving" online. Some can even censor what people say before it spreads. Everyone is scared to say anything online as the government somehow "knows all". But as of 2022 on modern platforms that do security well, can governments really sniff traffic at such a massive scale? Or is this why recently we hear of some governments pulling the plug on the internet? Maybe exactly because they can't sniff effectively anymore?

To make this scenario more specific. If a big chunk of the population in an authoritarian country started using decentralized, end-to-end encrypted communication software with well implemented certificate pinning on devices shipped from a "free" country, are governments' mass sniffing attempts foiled?

Even more specific. Is an iPhone someone buys in China "rooted"? Will an iPhone purchased in the USA work in China? Since they are both iPhones, how do we know that USA iPhones are not rooted by China during their manufacture?

Note, I'm not asking about targeted sniffing efforts targeting specific individuals or small groups. I'm asking about mass sniffing of millions of citizens 24x7. This question is about deep packet inspection, not metadata such as SNI etc. Also I'm not asking how they did it in the past (it was easier in the past). I'm asking about the current state. Bonus if someone can make a prediction about the future. (ex: will most sniffing disappear?)

user3280964
  • You basically claim that the government is mass inspecting the payload (content) of direct communication and ask how this is done. But I don't see anything like this claimed publicly, more that you derive this claim from what you read. Note that spying on citizens can also be done by controlling their main communication platforms (i.e. local social networks as in China) and by monitoring or restricting what site they communicate with (which can be done without breaking encryption). So please give some credibility to your claim before expecting others to explain how this is done. – Steffen Ullrich Oct 07 '22 at 06:04
  • Back in the 2000s, the NSA was successful in mass inspecting payload. Including things like copies of emails. I'm sure other governments have tried or succeeded in replicating such efforts. https://www.eff.org/nsa-spying – user3280964 Oct 07 '22 at 06:08
  • What you describe was before mass encryption - and was a trigger to use way more encryption. You specifically ask how governments can inspect the content *today* and despite mass encryption. As for mails - you just need to have sufficient control of the mail provider - which is doable in repressive countries. – Steffen Ullrich Oct 07 '22 at 06:11
  • If what you are saying is that: It is impossible for a government to mass sniff TLS encrypted traffic with 2022 technology. I will accept that answer. I do know in the past they played games like issuing fake certs for gmail, so it's possible that those games are over thanks to certificate pinning and other improvements. – user3280964 Oct 07 '22 at 06:15
  • *"... you are saying is that: It is impossible for a government to mass sniff TLS encrypted traffic with 2022 technology."* - yes, this is what I'm saying. They therefore need to use other sources they can control, i.e. local social networks, messaging and mail - and at the same time restrict access to such services they don't control. – Steffen Ullrich Oct 07 '22 at 06:17
  • That's what I thought, but I wasn't sure if my thinking was good or not. Maybe someone else has a different take on this. – user3280964 Oct 07 '22 at 06:18
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/139686/discussion-between-user3280964-and-steffen-ullrich). – user3280964 Oct 07 '22 at 06:19
  • In previous cases where this has happened, the government did not have to install certificates on people's devices or have access to people's devices. Instead, they simply hacked (or took over) a CA whose root cert was already installed on people's devices. See https://security.stackexchange.com/questions/230689/if-an-adversary-took-over-a-major-certificate-authority-what-bad-things-could-t for more info. – mti2935 Oct 07 '22 at 09:58
  • It's been known for a very long time that the US does collect information in mass... and that they redirect traffic (hard-wired) at the ISP level. The mechanism isn't known, but one thing I've thought of is a sort of "master key" at the CA to produce whatever cert they need for MITM against TLS.... but who knows. We also know that they have the ability to sniff packets and change/inject their own packets. (I think the Snowden papers revealed that.) China has their own CA which I think Chrome kicked off its list after they issued certs for *.google.com. – pcalkins Oct 07 '22 at 21:58
  • Not sniffing per se, but you may still be able to tell what is being accessed through traffic analysis - for a reasonably recent overview, see [https://www.enisa.europa.eu/publications/encrypted-traffic-analysis/at_download/fullReport] 2019, in particular, "3. TAXONOMY OF ENCRYPTED TRAFFIC ANALYSIS" and "8. ENCRYPTED TRAFFIC ANALYSIS USE CASE: FINGERPRINTING" ... although, off the top of my head, I can't think of any large-scale effort to scrape the internet and maybe build these databases of content fingerprints ... – brynk Oct 08 '22 at 04:13

1 Answer

2

The reason you have to install a root CA certificate is because you don't already control a "trusted" certificate authority. This is a problem that (major) governments don't necessarily have. One risk of doing business - including business as a CA - in such countries: if the government demands the "keys to the kingdom" (the root cert that is already trusted on every device), you can't necessarily say no.

In practice, though, they mostly don't do that. It would be a problem for everybody who doesn't want authoritarian governments reading our traffic, as most of the time, any CA can issue a cert for any site. Disabling "trusted" certs requires actions most people don't know how to take on desktop, and is impossible without rooting on mobile. People can try to just not route traffic anywhere near such countries (and hope they don't control routers outside their borders) but this would be a security disaster. It would also draw immediate and enormous international censure. So - while such attacks are certainly theoretically possible, and some (few) people use things like certificate pinning to mitigate them - in practice they don't usually happen.

What does happen is that, as part of doing business in the country, the authoritarian government demands the ability to monitor all your traffic at the server, after TLS termination. Or possibly they demand you do the monitoring and report stuff to them, and throw everybody in prison if you don't do it to their standards.

For services that are hosted internationally and don't comply with these requirements, the government simply blocks connections to the relevant IP addresses. You can sometimes get around this with VPNs, of course, but often only personally- or sometimes employer-operated ones; anything else, the government will realize it's being used to circumvent their monitoring/censorship, and block access to it too.


As for certificate pinning, that's mostly a non-issue. Not many mobile apps use it, and far fewer desktop ones. It tends to break badly with e.g. corporate networks that can (and do) install a private root CA on all company devices and perform universal TLS interception with it, which happens often enough in the USA to be a problem. It also is just risky any time you might have to rotate certs (although you can - and should - pin a backup, and there are other mitigations like pinning to the CA rather than the leaf cert).

For apps that do use pinning and are being distributed in the countries in question, it again comes down to needing to play by the government's rules. If you won't give them access directly, they probably prohibit distribution or use of the app and block connections to its servers. With that said, even for apps that do provide server-side access yet use pinning, it wouldn't shock me if the gov didn't force them to include a government cert in the allowed pins too.

CBHacking
  • This is a very good answer. I still don't understand how they can get control with certificate pinning in place. Let's take iPhone + Snapchat (which has certificate pinning). Will the authoritarian government demand that as a condition for them not to block access to App Store as a whole, Apple must remove Snapchat from the store (or alternatively replace Snapchat with a non-pinned version?). And all these exceptions are managed by geo-fencing. In other words there are different Apple App Stores for different countries? Has anyone done research on these exceptions and forced back doors? – user3280964 Oct 09 '22 at 20:43
  • @user3280964 an authoritarian regime could block the Snapchat servers' IP addresses – Ángel Oct 09 '22 at 22:45
  • @user3280964 As I said, they'll just tell Snapchat "let us monitor your servers _after TLS termination_", in which case pinning doesn't mean anything because the (legitimate) server has already decrypted the traffic. If Snapchat says no (as most western companies do) then - as the other commenter mentioned - the government will just block access to the service. An authoritarian government definitely controls both the regional DNS servers and border gateway routers; they can selectively drop traffic to any domain or IP addresses (from within their country) that they want. – CBHacking Oct 11 '22 at 03:45
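
The backup-pin and CA-pin trade-offs described in the answer, as an added example that is not part of the original thread: it derives RFC 7469-style SPKI pins from certificate-shaped DER and checks a chain against a pin set. The certificates are constructed, unsigned placeholders, and the names, key bytes and helpers such as `pin_ok` are assumptions; a real client runs this check only after normal chain validation.

```python
import base64, hashlib

def tlv(tag, body=b""):
    """DER-encode one element (short or long length form)."""
    n, size = len(body), (len(body).bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + body

def content(el):  # strip the tag and length octets from one DER element
    return el[2 + (el[1] & 0x7F if el[1] >= 0x80 else 0):]

def children(data):
    """Yield the full encoding of each DER element packed inside data."""
    while data:
        k = data[1] & 0x7F if data[1] >= 0x80 else 0
        n = int.from_bytes(data[2:2 + k], "big") if k else data[1]
        yield data[:2 + k + n]
        data = data[2 + k + n:]

def spki_pin(cert):
    """base64(SHA-256(DER SubjectPublicKeyInfo)), the RFC 7469 pin format."""
    fields = list(children(content(next(children(content(cert))))))
    if fields[0][0] == 0xA0:      # skip the optional explicit [0] version
        fields = fields[1:]
    return base64.b64encode(hashlib.sha256(fields[5]).digest()).decode()

def pin_ok(chain, pins):
    """Run after normal chain validation: any chain element may satisfy a pin."""
    return any(spki_pin(c) in pins for c in chain)

def make_cert(name, label):
    """Constructed, unsigned, certificate-shaped DER with placeholder key bytes."""
    seq = lambda *parts: tlv(0x30, b"".join(parts))
    spki = seq(seq(), tlv(0x03, b"\x00" + hashlib.sha256(label.encode()).digest() * 9))
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), seq(), seq(),
              seq(), seq(tlv(0x0C, name.encode())), spki)
    return seq(tbs, seq(), tlv(0x03, b"\x00"))

CA, OTHER_ROOT = make_cert("Example CA", "ca"), make_cert("Other Root", "other")
LEAF, BACKUP = make_cert("app.example", "leaf"), make_cert("app.example", "backup")
UNPLANNED, REISSUED = make_cert("app.example", "new"), make_cert("app.example", "intercept")
LEAF_PINS = {spki_pin(LEAF), spki_pin(BACKUP)}   # current key plus offline backup
CA_PINS = {spki_pin(CA)}                          # pin the issuer instead

def scenarios():
    return {"current leaf": pin_ok([LEAF, CA], LEAF_PINS),
            "rotated to backup key": pin_ok([BACKUP, CA], LEAF_PINS),
            "unplanned key vs leaf pins": pin_ok([UNPLANNED, CA], LEAF_PINS),
            "unplanned key vs CA pin": pin_ok([UNPLANNED, CA], CA_PINS),
            "other trusted root": pin_ok([REISSUED, OTHER_ROOT], LEAF_PINS | CA_PINS)}
```

The "other trusted root" case is why pinned apps break behind corporate TLS interception, and the CA-pin case shows the cost of that convenience: any certificate the pinned CA issues for the host is accepted.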