Google has pushed out an update that blocks an intermediate digital certificate for *.google.com after discovering that a Turkish certificate authority had mistakenly issued intermediate certificates to two organizations that should only have gotten normal SSL certificates. That error gave those two organizations the power to issue certificates that carried the same authority as the CA itself and allowed one of the organizations to issue the fraudulent wild card certificate for Google. One of the groups that obtained the intermediate certificate is a Turkish government agency and at least one of the major browser vendors said there was evidence the ceritificates had been used in an active attack.
The problem was discovered by Google security personnel just before Christmas and the Google team quickly found that it was a Turkish CA named TURKTRUST that had issued the intermediate certificate. That mistake essentially granted the company with the intermediate certificate the ability to issue certificates for any domain it chose.
“In response, we updated Chrome’s certificate revocation metadata on December 25 to block that intermediate CA, and then alerted TURKTRUST and other browser vendors. TURKTRUST told us that based on our information, they discovered that in August 2011 they had mistakenly issued two intermediate CA certificates to organizations that should have instead received regular SSL certificates. On December 26, we pushed another Chrome metadata update to block the second mistaken CA certificate and informed the other browser vendors,” Google’s Adam Langley wrote in an analysis of the episode.
Microsoft also has taken steps to block the fraudulent certificate for Google, revoking trust in the problematic intermediate certificates and pushing the change to users.
“TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties,” Microsoft said in a security advisory issued Thursday.
“To help protect customers from the fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) and is providing an update for all supported releases of Microsoft Windows that removes the trust of certificates that are causing this issue.”
Neither Google nor Microsoft has said whether the wild card certificate was used in any actual attacks, but the implications of the mistake by TURKTRUST are huge. With an intermediate certificate in hand, an attacker would have the ability to issue a valid certificate for any domain she chose. The attacker then would be able to represent to a user’s browser that the domain is legitimate, thereby fooling the user into trusting the site. Using such an attack to impersonate a bank or shopping site could lead to a major payday for an attacker, but using it to impersonate a Google service such as Gmail could create an entirely separate set of problems.
Mozilla on Thursday also said it was revoking trust in the two intermediate certificates because “we are concerned that at least one of the mis-issued intermediate certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control.” Mozilla officials said that the implications of the two certificates were troubling.
“An intermediate certificate that is used for MITM allows the holder of the certificate to decrypt and monitor communication within their network between the user and any website. Additionally, If the private key to one of the mis-issued intermediate certificates was compromised, then an attacker could use it to create SSL certificates containing domain names or IP addresses that the certificate holder does not legitimately own or control. An attacker armed with a fraudulent SSL certificate and an ability to control their victim’s network could impersonate websites in a way that would be undetectable to most users. Such certificates could deceive users into trusting websites appearing to originate from the domain owners, but actually containing malicious content or software,” Michael Coates, director of security assurance at Mozilla, said in a blog post.
This episode is eerily reminiscent of one in 2011 in which an attacker was able to issue to himself a valid wild card certificate for Google, as well as several other high-value sites. That attack on the Comodo certificate authority involved the attacker stealing credentials for a registration authority connected to Comodo in Europe and then issuing the certificates. The same attacker later took credit for a similar compromise of DigiNotar, a Dutch CA that eventually went out of business as a result of the compromise.
The problem with TURKTRUST doesn’t appear to be the result of an attack on the CA, though. Rather, it seems to have been a mistake. Still, Google officials said they plan to update Chrome again in the near future to remove the extended validation status of any current EV certificate issued by TURKTRUST.
“Since our priority is the security and privacy of our users, we may also decide to take additional action after further discussion and careful consideration,” Langley said.
