Unauthorized certificates being used for Google domains
Certificates misused to create man-in-the-middle proxy
In this case, digital certificates have been issued by an intermediate certificate authority called CNNIC. The unauthorized SSL certificates are misused by a third party, who have inserted a man in the middle proxy. This is similar to the SuperFish or PrivDog scenario, only this time, no cyber criminal is required to create the proxy, it is already present as the data is already being transferred through an insecure device. Since CNNIC is a widely used vendor, the misused certificates would be trusted by most web browsers on OS X, Android and Windows. However, Google Chrome, Firefox 33 and higher are safe. Newer versions of Google Chrome or Chromium also implement a security feature know as CRLSets which allows the browser to quickly block invalid certificates in emergency situations.
CNNIC responded by saying that they were under a contract with a company called MCS Holdings, who were supposed to only issue certificates for the domains that they had registered. It turns out though, that MCS ended up inserting a man-in-the-middle proxy instead. This means that although the connection appears to be private and secure, the data is actually transmitted through an unregistered device, which may end up giving cyber criminals unauthorized access to sensitive data such as credit card info, passwords and more. Hopefully the certificate authorities will act quickly to put an end to this issue.
Emsisoft Enterprise Security + EDR
Robust and proven endpoint security solution for organizations of all sizes. Start free trialHave a nice (and secure) day!