The government of Kazakhstan has begun forcing some of its citizens to install a root certificate on their devices that allows the government to intercept and decrypt supposedly secure traffic bound for various sites. The interception is being implemented at the carrier level and appears to be aimed at a few dozen domains specifically, researchers say.
The action began late last week and it has browser vendors concerned about the privacy implications and potential safety issues for their users in the country. In practical terms, the installation of a root certificate on a user’s device allows the owner of the certificate to intercept, inspect and then re-encrypt the traffic between the device and any site, completely destroying the privacy and security of HTTPS sessions. It also serves as an effective mass surveillance mechanism, giving the certificate owner access to all of the encrypted traffic moving through its servers on the way to other destinations.
Although the certificate issue only affects people in Kazakhstan, the incident is not unique. There have been a number of other similar operations in which governments have either forced or strongly suggested that people install a certificate that gave them access to encrypted communications. Individuals in Kazakhstan began seeing a message displayed by their mobile carriers or ISPs directing them to install the government’s root certificate about a week ago, an action that not only threatens the security and privacy of the affected people but also sets a dangerous precedent, experts say.
“In my view, and the overwhelming view of my colleagues in the security engineering community, this is a dangerously misguided policy, and will have the effect of making every citizen impacted by this policy less safe. It is difficult enough for the largest technology companies in the world to secure their own central network & certificate infrastructure; the notion that a modestly funded small government with limited technical resources can pull it off is naive, to say the least,” said Kenn White, a senior security engineer and director of the Open Crypto Audit Project.
“A successful attack against those central root CA keys could potentially catastrophically undermine web transaction confidentiality including eCommerce, banking, email and social media activities. A sufficiently resourced adversary holding those compromised keys could in practice eavesdrop, spoof, or defraud citizens relying on secure network communication.”
Researchers with Censored Planet, a project at the University of Michigan that studies worldwide censorship efforts, looked at the details of the Kazakh government’s interception system and found that it is focused mainly on sites such as Twitter, Facebook, and Google, and said it is not affecting every Internet user or connection in the country.
“Only certain sites are intercepted, and interception is triggered based on the SNI hostname. At least 37 domains are affected, including social media and communication websites. So far, the attack appears to affect a fraction of connections passing through the country’s largest ISP, Kazakhtelecom (AS 9198 KazTelecom),” the researchers said.
The issue of government-level interception of encrypted traffic or weakening of secure communications protocols has become more and more pressing in the last few years as encrypted messaging apps such as Signal, WhatsApp, and others have become ubiquitous, especially in countries where mobile devices are the dominant means of accessing the Internet. The Russian and Chinese governments have reportedly pressured the makers of some encrypted messaging apps to weaken their security, and in some cases have blocked apps that don’t comply.
And four years ago, the Kazakh government tried a similar tactic, attempting to force citizens to install a root certificate it controlled. That attempt didn’t end well, as a number of different companies and other organizations sued the government. The government also asked Mozilla, maker of the Firefox browser, to add the certificate to its trusted root CA store, a request that Mozilla denied. This time, the government isn’t asking the browser vendors and is instead going directly to the user population. The Kazakh government is spinning the certificate installation as a security benefit, rather than a weakness.
“The introduction of a security certificate will help in the protection of information systems and data, as well as in identifying hacker cyber attacks of Internet fraudsters on the country's information space systems, private, including the banking sector, before they can cause damage,” according to a statement from the government in a local Kazakh publication.
"This is a dangerously misguided policy, and will have the effect of making every citizen impacted by this policy less safe."
So far, none of the major browser vendors has taken any action in regard to the Kazakhstan certificate, but representatives from Google and Mozilla have been discussing the possibilities for the last few days in various forums. The browser vendors could block the certificate outright if they chose to, but that’s a rare occurrence and hasn’t happened.
The Censored Planet researchers found that although the Kazakh government’s interception efforts are being implemented through carriers and providers, they are not affecting most of the country’s citizens right now.
“There are over 200,000 reachable TLS hosts in Kazakhstan, but only 6736 of them present a valid browser-trusted certificate according to Censys. On July 21, we performed a TLS handshake from a US-based vantage point to each of these 6736 HTTPS servers, setting the SNI to facebook.com and google.com, domains known to trigger HTTPS interception. We found only 459 servers (7.0%) had certificates injected, suggesting that Kazakhstan’s HTTPS interception is currently only happening in a fraction of the country,” the researchers said.
HTTPS interception is commonly used in enterprise and government networks as a method for inspecting outbound traffic. But implementing it at the carrier or national level presents technical issues that go beyond just the security and privacy concerns.
“One of the problems with a scheme like this is that it would immediate trigger wide-scale errors for citizens accessing the web, causing 'untrusted' messages in browsers and mobile devices. It is difficult to overstate the technical problems, but consider that nearly every network-connected device will contain a special file called a trust store, which is a list of 3rd parties that are trusted,” White said.
“Such files are embedded into every operating system, including every mobile device, tablets, desktop and servers, set top boxes, video games, smart thermostats, even wristwatches. The notion that these would be modified at the whims of a current ruling political party is simply absurd.”
For people affected by this or future interception efforts, White said there’s not a great deal they can do, particularly in countries with repressive regimes where the consequences of evasion could be severe.
“Assuming such a policy did go into effect, it's difficult to say what technical recourse users would have. Normally, if there is serious concern about network eavesdropping, we might look at technologies like virtual private networks, but it's unclear how effective that would be in this case if the underlying device (mobile or desktop) has been modified to trust a suspect 3rd party root authority. For typical consumers, the decision would seem to come down to modifying their altered system at the risk of violating the law and possibly exposure to state legal actions, or leaving the configuration in place and accepting surveillance,” White said.