Security Experts:

Google Finds Unauthorized Certificates Issued by Intermediate CA

Unauthorized certificates for several Google domains were issued earlier this month by an Egypt-based company that obtained an intermediate certificate from the China Internet Network Information Center (CNNIC), the search giant reported on Monday.

CNNIC, an organization under the Cyberspace Administration of China, operates certificates included in all major root stores. This means that certificates issued by the certificate authority (CA) are trusted by every popular web browser.

The misused intermediate certificate has been revoked by CNNIC, and Google, Mozilla and Microsoft have taken steps to protect their users. Google security engineer Adam Langley has pointed out that Chrome and recent versions of Firefox would have rejected the fraudulent Google certificates because of public-key pinning. However, it is likely that misused certificates exist for other domains as well, Langley said.

“We have been working diligently on the mis-issued third-party certificates and have revoked the related Subordinate Certification Authority certificate to help ensure that our customers remain protected. Customers with automatic updates enabled do not need to take any action to remain protected. For more details refer to Security Advisory 3050995,” a Microsoft spokesperson told SecurityWeek.

According to Google, the unauthorized certificates were discovered on March 20. CNNIC told the company that the intermediate certificate used to issue the fake Google certificates was given to Egypt-based MCS Holdings, which should have used it only to issue certificates for domains that they had registered.

However, instead of storing the private key on a hardware security module, MCS installed it on a firewall device that acted as a man-in-the-middle (MitM) proxy.

“These devices intercept secure connections by masquerading as the intended destination and are sometimes used by companies to intercept their employees’ secure traffic for monitoring or legal reasons,” Langley explained in a blog post. “The employees’ computers normally have to be configured to trust a proxy for it to be able to do this. However, in this case, the presumed proxy was given the full authority of a public CA, which is a serious breach of the CA system.”

While in this case it appears that the traffic interception was limited to MCS’s internal network, such an intermediate certificate can be highly valuable for a malicious actor.

“An attacker armed with a fraudulent SSL certificate and an ability to control their victim’s network could impersonate websites in a way that would be undetectable to most users. Such certificates could deceive users into trusting websites appearing to originate from the domain owners, but actually containing malicious content or software,” Mozilla’s security team said in a blog post.

Both Google and Mozilla said they are considering taking further action.

“When similar incidents have happened in the past, responses have included requiring additional audits to confirm that the CA updated their procedures, and using name constraints to constrain the CA’s hierarchy to certain domains,” Mozilla said.

MCS Holdings could not be reached for comment.

This isn’t the first time an organization issues unauthorized certificates for Google domains. Back in 2013, the French cybersecurity agency ANSSI issued such certificates and used them for MitM attacks on a private network. The agency blamed the incident on human error.

Major browser vendors have been working over the past period on addressing certificate-related issues. Google’s Certificate Transparency project aims at fixing structural flaws in the SSL/TLS certificate system through a framework for monitoring and auditing certificates in nearly real-time.

With the release of Firefox 37, Mozilla will introduce OneCRL, a new certificate revocation feature powered by a centralized list of blocked components. With the introduction of OneCRL, Firefox users will no longer have to update or restart the web browser in order to be protected.

*Updated with statement and additional information from Microsoft

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.