Dutch SSL Certificate Authority DigiNotar Suffers Serious Breach
( Microsoft Security Advisory 2607712 )
Critical systems at the Dutch SSL certificate vendor DigiNotar were breached by attackers in early July 2011, resulting in the attackers being able to forge over 500 certificates for sites including google.com, yahoo.com, addons.mozilla.org, and torproject.org. In addition, they forged "wildcard" certificates for the .com and .org domains, which means that any site in those domains can be impersonated by them.
An SSL certificate is typically used to validate the authenticity of web sites. By possessing a forged certificate of a legitimate site, an attacker can impersonate it. When a user establishes a secure HTTPS connection to the faked site, he will have no indication that it is not the real one. Attackers used the forged google.com certificate to intercept the encrypted GMail communications of approximately 300,000 users in Iran, allowing their emails to be decrypted and read.
Some browser vendors have already permanently blacklisted all DigiNotar-created certificates. However, as of September 9, neither Apple or Google have announced fixes for their iOS and Android portable device operating systems or browsers.
Immediate Action Required:
- Check Point recommends that all endpoint browsers be patched to the latest versions as soon as is practical.
- DigiNotar certificates should be removed from the trusted CA stores of all appliances and applications that utilize them. Specific instructions for Check Point solutions are available here.
- As an additional layer of protection, Check Point's IPS Software Blade protects unpatched systems at the network level by detecting and blocking attempts to use any certificates that originated at DigiNotar. For more information see CPAI-2011-414.
- For users of cellular phones based on Apple's iOS and Google's Android operating systems: it will take time for those companies to roll out fixes to the various vendors that sell them; therefore, you should avoid using your iOS and Android devices for HTTPS connections until a fix has been installed. Users of non-cellular portable devices that use these operating systems should exercise similar caution.
Over 500 SSL certificates are known to have been forged during the attack; however, the total number is not known due to the fact that some certificates were obtained from at least one of DigiNotar's intermediate certificate authorities, which did not have proper logging enabled. As a result, most browser vendors have permanently revoked trust in DigiNotar as a Certificate Authority. However, as of September 8 both Apple's iOS and Google's Android operating systems are still vulnerable to the forged certificates.
DigiNotar delayed disclosure of the breach for over a month after it was detected by them. In that initial notification, the company stated that all of the forged certificates had been revoked, but afterwards it was discovered that a certificate for google.com that had been generated on July 10 had not been revoked. That certificate was used to execute man-in-the-middle attacks, primarily against Iranian users, on Google services such as GMail until it was finally revoked by DigiNotar on August 29.
On September 3, the Dutch government seized control of DigiNotar's operations, and has stated it will conduct an investigation into possible criminal negligence.
In order to leverage a forged certificate, an attacker needs to perform what is called a "man in the middle" attack, where he places a system between a user and the legitimate site that the user is trying to access. One method of accomplishing this is by DNS cache poisoning, where the DNS server that the user's computer uses to resolve internet addresses is modified to point a legitimate URL to the attacker-owned "man in the middle" system. Once that is accomplished, the attacker can impersonate the legitimate site on that system without the user having any indication that he is not connected to the real site.
Analysis and Recommendations
This event is similar to an attack that was made on certificate vendor Comodo by the same attackers in March 2011. However due to the fact that it's unknown how many certificates were forged, the DigiNotar breach is far more serious and calls into question whether the SSL/TLS public key infrastructure model in its current form is sufficient to guarantee secure network communications. It is sure to escalate ongoing discussions about how to address this issue.
There are some takeaways to consider as a result of these events:
- If your web site uses SSL certificates to authenticate users, choose your certificate authority with care. Ensure that they are executing Best Practices for security. (DigiNotar had weak passwords on their external servers, did not have them patched to the latest levels, and had no antivirus/anti-malware software installed on their internal servers.)
- Ensure that you have at-the-gateway SSL certificate inspection capability, that can compare certificates to a blacklist of forged/revoked certificates
- Keep all browsers patched and updated – not just only the “corporate approved” browser, but others that employees may install on their own
- Keep your Check Point IPS products fully updated in order to have multi-layered protection
Last Updated: 09-Sep-2011