Google detects fake SSL certificates for some of its domains


by CBR Staff Writer| 11 December 2013

Fake certificates could be used to spoof content, carry out phishing attacks and perform man-in-the-middle attacks.

Google has found a cluster of unauthorised Secure Sockets Layer (SSL) certificates for some of its own domains, which were reportedly issued by an intermediate certificate authority (CA) that linked back to French certificate authority ANSSI.

Reports revealed that the fake certificates could be used to spoof content, carry out phishing attacks and perform man-in-the-middle attacks.

Google said in a statement that it found the certificate was issued by an intermediate certificate authority (CA) linking back to ANSSI, a French certificate authority.

"Intermediate CA certificates carry the full authority of the CA, so anyone who has one can use it to create a certificate for any website they wish to impersonate," the search major said.

"ANSSI has found that the intermediate CA certificate was used in a commercial device, on a private network, to inspect encrypted traffic with the knowledge of the users on that network."

Consequently, Google blocked the certificate in its Chrome browser, informed other browser vendors and referred the issue to the French agency.
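The two mechanisms behind this story, that a trusted intermediate CA can sign a certificate for any name, and that a client can still detect such a certificate and then block everything the intermediate ever signed, can be shown with a small self-contained Go program. This is an added illustration, not code from Google, ANSSI, Microsoft or the article; the CA names and the hostname www.example.com are constructed placeholders, and the pin and distrust sets model the general technique rather than any browser's real configuration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"math/big"
	"time"
)

// mkCert issues a certificate for cn signed by parent (self-signed when parent is nil).
// Constructed test PKI: every name passed in is a placeholder, not a real CA.
func mkCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // a CA key may sign further certificates
	} else {
		tmpl.DNSNames = []string{cn}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// spkiHash is the base64 SHA-256 of a certificate's SubjectPublicKeyInfo, the value
// public-key pins and distrust lists are keyed on: it tracks the key, not the cert.
func spkiHash(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// chainHasKey reports whether any certificate in the chain carries a key in set.
func chainHasKey(chain []*x509.Certificate, set map[string]bool) bool {
	for _, c := range chain {
		if set[spkiHash(c)] {
			return true
		}
	}
	return false
}

// Verdict is what a client concludes about one presented chain.
type Verdict struct{ ChainOK, PinOK, Blocked bool }

// assess runs ordinary path validation first, then the pin check (chain MUST contain a
// pinned key) and the distrust check (chain MUST NOT contain a blocked key).
func assess(leaf, inter, root *x509.Certificate, host string, pins, blocked map[string]bool) Verdict {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	chains, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, Intermediates: inters})
	if err != nil {
		return Verdict{} // fails plain validation; nothing more to check
	}
	return Verdict{ChainOK: true, PinOK: chainHasKey(chains[0], pins), Blocked: chainHasKey(chains[0], blocked)}
}

// RunScenario builds one trusted root with two intermediates. The second is a genuinely
// trusted sub-CA that nevertheless issues a certificate for a hostname it should never
// issue for, which is the situation the article describes. Path validation alone accepts
// both chains; the site's pin rejects the rogue one, and distrusting the rogue sub-CA's
// key then rejects every certificate it ever signed, not only the ones already found.
func RunScenario() (legit, rogue Verdict) {
	const host = "www.example.com" // placeholder hostname
	root, rootKey := mkCert("Constructed Root CA", true, nil, nil)
	legitInter, legitKey := mkCert("Constructed Site Issuing CA", true, root, rootKey)
	rogueInter, rogueKey := mkCert("Constructed Unrelated Sub CA", true, root, rootKey)
	legitLeaf, _ := mkCert(host, false, legitInter, legitKey)
	rogueLeaf, _ := mkCert(host, false, rogueInter, rogueKey)
	pins := map[string]bool{spkiHash(legitInter): true}    // the CA that is supposed to issue for host
	blocked := map[string]bool{spkiHash(rogueInter): true} // the intermediate being distrusted
	legit = assess(legitLeaf, legitInter, root, host, pins, blocked)
	rogue = assess(rogueLeaf, rogueInter, root, host, pins, blocked)
	return legit, rogue
}
```

Running RunScenario gives the legitimate chain {ChainOK:true PinOK:true Blocked:false} and the mis-issued chain {ChainOK:true PinOK:false Blocked:true}: both chains are cryptographically valid, which is exactly why the trusted-intermediate problem is serious, and only the additional pin and distrust checks separate them. Keying the checks on the SubjectPublicKeyInfo hash rather than on certificate fingerprints is what lets a single entry cover every certificate the offending key signed.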

ANSSI said in a statement that, as a result of a human error made during a process aimed at strengthening the overall IT security of the French Ministry of Finance, digital certificates for third-party domains which do not belong to the French administration had been signed by a certification authority of the DGTrésor (Treasury) which is attached to the IGC/A.

"The mistake has had no consequences on the overall network security, either for the French administration or the general public," the agency said.

"The aforementioned branch of the IGC/A has been revoked preventively."

Microsoft also revealed that it is aware of an improperly issued subordinate CA certificate and warned that the issue affects all supported releases of its Windows operating system.

Microsoft said in a statement that the improperly issued subordinate CA certificate has been misused to issue SSL certificates for multiple sites, including Google web properties.

"These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties," the software major added.

"The subordinate CA certificate may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks."
