UPDATED: A major issuer of Secure Sockets Layer (SSL) certificates acknowledged on Wednesday that it had issued nine fraudulent SSL certificates for seven Web domains, including those for Google.com, Yahoo.com and Skype.com, following a security compromise at an affiliate firm. The attack originated from an IP address in Iran, according to a statement from Comodo Inc.
Comodo, of Jersey City, New Jersey, said, in a statement on its Web page, that an attacker was able to obtain the user name and password of a Comodo Registration Authority (RA) based in Southern Europe and issue the fraudulent certificates. The company said the hack did not extend to its root keys or intermediate certificate authorities, but did constitute a serious security incident that warranted attention.
SSL certificates are the Internet equivalent of drivers' licenses, said Paul Turner, the vice president of products and customer solutions at Venafi, an enterprise key and certificate management firm. The bogus certificates could be used in phishing or man-in-the-middle attacks against organizations that haven't updated their certificate revocation lists, he said. They could also be used to sign applications and plug-ins, he said.
Registration Authorities are subordinate to Certificate Authorities, which issue SSL certificates. RAs are entrusted with the responsibility of authenticating the identities of parties who are being issued a certificate by the CA; the CA itself relies on the RA's attestation rather than checking the applicant directly. In the latest Comodo incident, the attacker was able to falsely attest to the authenticity of the parties requesting the certificates using the stolen RA login information, so the resulting certificates carried a valid Comodo signature and would pass ordinary chain validation.
The Mozilla Foundation, Microsoft, Google and other firms rushed out patches to their Web browsers on Tuesday to block the fraudulent SSL certificates. In an incident report filed on March 15, Comodo said the nine certificates were issued to seven domains, but that no attacks using the certificates had been seen in the wild.
Public attention to the breach started with researcher Jacob Appelbaum of The Tor Project, who noticed revisions to Google's Chrome and Mozilla's Firefox Web browsers on March 17, followed by an announcement of updates to the certificate blacklists. A key Mozilla Web site, addons.mozilla.org, was one of the domains for which a forged certificate was issued.
In a statement published on its Web site, The Mozilla Foundation said that it had updated Firefox 4.0, 3.6 and 3.5 to recognize the forged certificates and block them automatically. Mozilla said that users on a compromised network could be directed to phishing Web sites that used the forged SSL certificates and fooled into revealing personal information or downloading malicious programs. Google issued a patch for its Chrome Web browser on March 17.
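The three mechanisms the preceding paragraphs touch on (the RA vouching for an applicant's identity, clients that still trust a certificate because their copy of the CRL is stale, and the hard-coded blacklists the browsers shipped) can be shown together in one small model. The following is an added example, not code from Comodo, Mozilla or Google, and it assumes a toy signature scheme: the CA "signs" with HMAC-SHA256 over serial, issuer and subject so the script runs on the Python standard library alone, where a real CA would use RSA and relying parties would verify with the public key. The RA login, CA name, domains and serial numbers are all made up.

```python
"""Model of RA-authenticated issuance, chain validation, CRLs and a browser
blacklist. Added example; HMAC stands in for RSA (assumption, see lead-in)."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Certificate:
    serial: int
    issuer: str
    subject: str      # the domain the certificate vouches for
    signature: str    # hex digest over serial|issuer|subject


class CertificateAuthority:
    """Issues certificates on the say-so of a Registration Authority."""

    def __init__(self, name: str):
        self.name = name
        # Hypothetical private key; with real X.509 this would be an RSA key
        # and relying parties would verify with the matching public key.
        self._key = hashlib.sha256(f"key-{name}".encode()).digest()
        self._next_serial = 1
        self._ra_logins = {}      # RA user name -> password hash
        self.crl = set()          # serials revoked by this CA

    def register_ra(self, user: str, password: str) -> None:
        self._ra_logins[user] = hashlib.sha256(password.encode()).hexdigest()

    def issue(self, ra_user: str, ra_password: str, domain: str) -> Certificate:
        # The CA never sees the applicant; the RA's login IS the identity check.
        digest = hashlib.sha256(ra_password.encode()).hexdigest()
        if not hmac.compare_digest(self._ra_logins.get(ra_user, ""), digest):
            raise PermissionError("RA authentication failed")
        serial, self._next_serial = self._next_serial, self._next_serial + 1
        return Certificate(serial, self.name, domain, self._sign(serial, domain))

    def _sign(self, serial: int, subject: str) -> str:
        msg = f"{serial}|{self.name}|{subject}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def verify(self, cert: Certificate) -> bool:
        """Relying-party check; stands in for public-key signature verification."""
        return hmac.compare_digest(cert.signature, self._sign(cert.serial, cert.subject))

    def revoke(self, serial: int) -> None:
        self.crl.add(serial)


def validate(cert, trust_store, host, local_crl, blacklist):
    """Browser-style decision, returned as (accepted, reason).

    local_crl is the client's cached copy of each CA's CRL (it may be stale);
    blacklist is the hard-coded set of (issuer, serial) pairs a browser ships.
    """
    ca = trust_store.get(cert.issuer)
    if ca is None or not ca.verify(cert):
        return False, "untrusted issuer or bad signature"
    if cert.subject != host:
        return False, "name mismatch"
    if (cert.issuer, cert.serial) in blacklist:
        return False, "blacklisted by browser update"
    if cert.serial in local_crl.get(cert.issuer, set()):
        return False, "revoked"
    return True, "ok"


def scenario() -> dict:
    """Constructed walk-through; all names and credentials are made up."""
    ca = CertificateAuthority("ExampleCA")
    ca.register_ra("ra-southern-europe", "hunter2")
    store = {ca.name: ca}

    legit = ca.issue("ra-southern-europe", "hunter2", "www.example.com")
    # Attacker holding the stolen RA login; the CA cannot tell the difference.
    forged = ca.issue("ra-southern-europe", "hunter2", "mail.example.org")

    stale_crl = {ca.name: set(ca.crl)}   # client fetched the CRL before revocation
    results = {
        "legit": validate(legit, store, "www.example.com", stale_crl, set()),
        "forged_stale_crl": validate(forged, store, "mail.example.org", stale_crl, set()),
    }
    ca.revoke(forged.serial)
    fresh_crl = {ca.name: set(ca.crl)}
    results["forged_fresh_crl"] = validate(forged, store, "mail.example.org", fresh_crl, set())
    results["forged_blacklisted"] = validate(
        forged, store, "mail.example.org", stale_crl, {(ca.name, forged.serial)})
    # Editing the subject of a forged certificate breaks the signature, so the
    # attacker is limited to the names the RA login let them obtain.
    tampered = Certificate(forged.serial, forged.issuer, "www.example.com", forged.signature)
    results["tampered"] = validate(tampered, store, "www.example.com", fresh_crl, set())
    return results


if __name__ == "__main__":
    for name, (ok, why) in scenario().items():
        print(f"{name:20} {'ACCEPT' if ok else 'REJECT':6} {why}")
```

Running the script shows the point of the article in five lines: the forged certificate is accepted by a client with a stale CRL exactly as the legitimate one is, because the signature is genuine; it is rejected only once the client has a CRL that lists the serial or a browser update that blacklists the (issuer, serial) pair, which is why the browser vendors did not wait for CRL propagation.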
The compromise was detected last week and was believed to have lasted only hours. Attackers were still using the account at the time it was discovered, and the certificates in question were revoked immediately, Comodo said. The IP address used in the attack was traced back to an Internet Service Provider in Iran. In its statement Comodo didn't rule out political motives for the hack.
“It does not escape notice that the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups. The attack comes at a time when many countries in North Africa and the Gulf region are facing popular protests and many commentators have identified the Internet and in particular social networking sites as a major organizing tool for the protests.”
The breach raises serious questions about the system of checks and balances used to issue and monitor SSL certificates, which are the most common tool for attesting to the identity of a Web site and securing traffic to and from it. While media attention in the last year has focused on tools like Firesheep, which dramatized the risk of unencrypted Web sessions and the benefit of using SSL throughout, security researchers have long called attention to inherent weaknesses in the infrastructure that supports SSL. The Electronic Frontier Foundation has a project, the SSL Observatory, to investigate the authenticity of SSL certificates used to secure Web sites. In particular, EFF says that Certificate Authorities, or CAs, are a weak link in the chain of trust: most browsers trust a long list of CAs, any one of which can issue a certificate for any domain, but not all do a thorough job of verifying the identity of those requesting certificates.
Turner of Venafi said that the compromise poses huge challenges for organizations that rely on Comodo certificates. Most large organizations store hundreds or thousands of unique certificates on Web servers, application servers, mainframe systems and end-user workstations. However, organizations typically do a poor job of keeping track of which certificates they use and where they are stored. The Comodo breach will force organizations that might replace one or two certificates in a year to swap out nine certificates in a matter of hours, a painstaking, multi-step process that is often handled manually.
Comodo may be the poster child for the vulnerability of the certificate infrastructure, but the company is hardly alone.
“Just as RSA showed they can be compromised, Comodo shows that this is something that can happen with any Certificate Authority. In fact we have no idea that it hasn’t happened to others,” he said.