NEWS FROM THE LAB - Wednesday, March 23, 2011

Rogue SSL Certificates ("Case Comodogate") Posted by Mikko @ 20:27 GMT

SSL certificates are used by websites to confirm their identity to end users.

Certificate vendor Comodo has announced today that nine rogue certificates were issued through them. These certificates were issued for:

  •  mail.google.com (Gmail)
  •  login.live.com (Hotmail et al.)
  •  www.google.com
  •  login.yahoo.com (three certificates)
  •  login.skype.com
  •  addons.mozilla.org (Firefox extensions)
  •  "Global Trustee"

According to Comodo, the registrations seemed to be coming from Tehran, Iran, and they believe that, because of the focus and speed of the attack, it was "state-driven".

What can you do with such a certificate?

Well, if you are a government and able to control Internet routing within your country, you can reroute all, say, Skype users to fake https://login.skype.com and collect their usernames and passwords, regardless of the SSL encryption seemingly in place. Or you can read their e-mail when they go to Yahoo, Gmail or Hotmail. Even most geeks wouldn't notice this was going on.

What about the rogue certificate for addons.mozilla.org? Initially I thought there would be no other reason than to use Firefox extensions as some sort of malware install vector. However, Eric Chien from Symantec came up with an interesting alternate theory: it could be used to block the installation of certain extensions that bypass censorship filters (thanks, Eric!). For examples of such extensions, see here and here.

As the certificate revocation systems in place are far from foolproof, Microsoft has just announced that they will be shipping a Windows update that will force these rogue certificates to be moved to the local untrusted certificate store.

Updated to add: Comodo has now said the attacker gained entry to its system by obtaining the username and password of a European affiliate. Once inside, the attacker could have issued certificates for any site he wanted. The Wall Street Journal has more on the breach.

Updated to add: What's the importance of a certificate issued for "Global Trustee"? We don't know. This isn't a documented entity anywhere we could find. Our best guess at this point is that there is some hardware product from some large vendor with hardcoded support for a certificate for "Global Trustee"…

Updated to add: Iran does not have its own CA. If it did, it wouldn't need to do any of this, as it could just issue rogue certificates itself. On Twitter, @xirfan commented on this, saying: "I work for a webhoster. Our Iranian & Syrian customers aren't allowed SSLs".

Here's a full list of root certificates stored in the Mozilla project Root CA store. It includes certificates issued by CAs in China, Israel, Bermuda, South Africa, Estonia, Romania, Slovakia, Spain, Norway, Colombia, France, Taiwan, UK, The Netherlands, Turkey, USA, Hong Kong, Japan, Hungary, Germany, and Switzerland.

Updated to add: A person or persons claiming to be "Comodo Hacker" has posted a public note on the incident. The person/people behind the post do seem to have had access to Comodo's or instantssl.it's internal systems. Whether the rest of their story is true or not, we don't know.