CA Linked to Chinese Registrar Issued Unauthorized Google Certificates

Google security engineers, investigating fraudulent certificates issued for several of the company’s domains, discovered that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the unauthorized Google certificates, and could have issued certificates for virtually any domain.

Google’s engineers were able to block the fraudulent certificates in the company’s Chrome browser by pushing an update to the CRLset, which tracks revoked certificates. The company also alerted other browser vendors to the problem, which was discovered on March 20. Google contacted officials at CNNIC, the Chinese registrar who authorized the intermediate CA, and the officials said that they were working with MCS to issue certificates for domains that it registered.

But, instead of simply doing that, and storing the private key for the registrar in a hardware security module, MCS put the key in a proxy device designed to intercept secure traffic.

“CNNIC responded on the 22nd to explain that they had contracted with MCS Holdings on the basis that MCS would only issue certificates for domains that they had registered. However, rather than keep the private key in a suitable HSM, MCS installed it in a man-in-the-middle proxy. These devices intercept secure connections by masquerading as the intended destination and are sometimes used by companies to intercept their employees’ secure traffic for monitoring or legal reasons,” Google’s Adam Langley said in a blog post Monday.

“The employees’ computers normally have to be configured to trust a proxy for it to be able to do this. However, in this case, the presumed proxy was given the full authority of a public CA, which is a serious breach of the CA system.”

Langley said that although the certificate is blocked in Chrome and the other browser vendors are aware of the problem, that may not be the end of it. The CNNIC authority is trusted by all of the major browsers.

“CNNIC is included in all major root stores and so the misissued certificates would be trusted by almost all browsers and operating systems. Chrome on Windows, OS X, and Linux, ChromeOS, and Firefox 33 and greater would have rejected these certificates because of public-key pinning, although misissued certificates for other sites likely exist,” Langley said.

Mozilla officials said they have pushed an update in the OneCRL function in Firefox to revoke trust in the unauthorized MCS certificate. The

“China Internet Network Information Center (CNNIC), a non-profit organization administrated by Cyberspace Administration of China (CAC), operates the “CNNIC Root” and “China Internet Network Information Center EV Certificates Root” certificates that are included in NSS, and used to issue certificates to organizations and the general public. CNNIC issued an unconstrained intermediate certificate that was labeled as a test certificate and had a two week validity, expiring April 3, 2015. Their customer loaded this certificate into a firewall device which performed SSL MITM, and a user inside their network accessed other servers, causing the firewall to issue certificates for domains that this customer did not own or control,” Mozilla’s Kathleen Wilson said in a blog post.

The CNNIC issue is very similar to a problem that arose in 2013 with French CA ANSSI. In that case, an intermediate CA also issued unauthorized certificates for some Google domains, using the trust placed in ANSSI, the higher-level CA. The intermediate CA also was used in a man-in-the-middle proxy device.

“ANSSI has found that the intermediate CA certificate was used in a commercial device, on a private network, to inspect encrypted traffic with the knowledge of the users on that network. This was a violation of their procedures and they have asked for the certificate in question to be revoked by browsers. We updated Chrome’s revocation metadata again to implement this,” Langley said at the time. 

The latest case of fraudulent certificate issuance highlights one of the key weaknesses in the CA system: Every certificate authority has the power to issue certificates for any domain. It’s a problem that has arisen time and again over the years, and experts have yet to find a suitable solution.

Suggested articles

Newsmaker Interview: Scott Helme on Securing the Web

Threatpost sat down with Helme to discuss the state of web security, including certificate transparency, HTTPS deployment, Let’s Encrypt, content security policy and HTTP strict transport security.

Discussion

  • Matt H on

    So, who audits the certificate authorities to verify that they can be trusted? Stories like this make me want to setup a policy to whitelist CAs...
    • Rick on

      CA typically have to pass a WebTrust or similar audit (or be a government) to get their root certificate pout in Windows certificate store. I dont know about Chrome's policy. So unfortunately CA trust becomes diluted. The solution is to deploy something like DANE/DNSSEC RFC6698 that would return the fingerprint of the actual server certificate along with the server IP address in a DNS lookup. If the certificate returned to the browser has a different fingerprint, dont connect.
  • bro@china.com on

    "We believe that this MITM instance was limited to CNNIC’s customer’s internal network." So the only difference between this and standard SSL intercept devices commonly used on coporate networks, is that it was from an intermediate CA. Oh, and it was in China.
07/18/18 5:55
LabCorp investigates a potential #databreach that could affect millions: https://t.co/SiurmhxV71

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.