Google, Apple and Mozilla block browser spying by the Government of Kazakhstan



Major browser makers are blocking the use of a root certificate used by the Government of Kazakhstan to intercept Internet traffic.

Mozilla and Google issued a joint statement saying that "companies have deployed technical solutions in Firefox and Chrome to prevent the Kazakh government from intercepting Internet traffic in the country." Each company is deploying "a unique technical solution for its browser," they said.

Apple told Ars that it is also blocking the ability to use the certificate to intercept Internet traffic.

Kazakhstan has reportedly said that use of this certificate has been terminated. But the browser makers' actions could protect users who have already installed it or prevent future use of the certificate by the Government of Kazakhstan.

Mozilla and Google said they took action in response to "credible information that Internet service providers in Kazakhstan have asked people in Kazakhstan to download and install a government-issued certificate on all devices and in all browsers to access the Internet." The certificate "allowed the [Kazakhstan] government to decrypt and read everything that a user types or publishes, including intercepting his account information and passwords," the companies wrote. "This was aimed at people visiting popular Facebook, Twitter and Google sites, among others."

Certificate blocked after installation

Mozilla explained in another message that Kazakhstan's root certificate "will not be approved by Firefox even if the user has it installed."

"We think this answer is appropriate because users in Kazakhstan are not allowed to choose the certificate to install and because this attack undermines the integrity of a critical network security mechanism," said Mozilla. The company also encouraged Internet users in Kazakhstan to "search for the use of Virtual Private Network (VPN) software, or the Tor browser, to access the Web."

Similarly, Google has stated that "Chrome will block the certificate that the Government of Kazakhstan has asked users to install" and that "no action is necessary for the users to be protected".

Google has added the certificate to CRLSets, which Chrome uses to "quickly block certificates in case of emergency".

In addition, Google stated that "the certificate will be added to a blocking list in the Chromium source code and should therefore be included in other Chromium-based browsers in a timely manner".

Mozilla does not "take such action lightly, but the reason Firefox exists is to protect our users and the integrity of the Web," said Marshall Erwin, senior director of security and security at Mozilla.

Chrome's chief engineering officer, Parisa Tabriz, said Google "will not tolerate any attempt by an organization, government or other, to compromise Chrome's user data."

When contacted by Ars, Apple said that it is blocking the certificate so that it cannot be used to intercept Internet traffic even after a user has installed it.

"Apple believes that privacy is a fundamental human right and we design every Apple product to protect personal information," Apple said in a statement to Ars and other media. "We have taken steps to ensure that the certificate is not approved by Safari and our users are protected from this problem." This covers Safari for iOS and macOS, Apple told Ars.

Edge and Internet Explorer

The situation with Microsoft is a little murkier.

Microsoft, the maker of Edge and Internet Explorer, told Motherboard that "the certification authority in question is not a trusted certification authority in our trusted root program." This means that the certificate will not be installed by default, but a browser user may choose to install it.

Not trusting the certificate by default is not necessarily enough to prevent users from being spied on. A Censored Planet report dated July 23 and cited by Mozilla and Google states: "The CA is not approved by browsers by default and must be manually installed by a user."

But Kazakh Internet users "absolutely can not access the sites concerned if they do not install the root certificate for the false certification authority and do not allow interception," the report says.

Because Microsoft does not trust the certificate, it may be a little harder for users to install. But if Microsoft does not block the ability to spy on users after they install the certificate, they will not be protected the way users of other browsers are.
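The difference between "not trusted by default" and "blocked even if installed" can be shown with a small trust-policy model. This is an added example, not code from any browser: the names (Cert, validate, the sample certificates) and the choice to key the blocklist on a hash of the public key are assumptions of this sketch, and signature verification is left out.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    public_key: bytes  # constructed stand-in for the encoded public key

    @property
    def key_hash(self) -> str:
        return hashlib.sha256(self.public_key).hexdigest()


def validate(chain, builtin_roots, user_roots, blocklist=frozenset()):
    """Return (accepted, reason) for a leaf-to-root chain (trust policy only)."""
    # Each certificate must name the next one in the chain as its issuer.
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False, "broken chain"
    # The blocklist is consulted before any trust store, so a root the
    # user was made to install cannot override it.
    for cert in chain:
        if cert.key_hash in blocklist:
            return False, f"blocked: {cert.subject}"
    root = chain[-1]
    if root.key_hash in builtin_roots:
        return True, "built-in root"
    if root.key_hash in user_roots:
        return True, "user-installed root"
    return False, "untrusted root"


# Constructed sample data: an interception root and a certificate it issued.
ROOT = Cert("Example Interception Root", "Example Interception Root", b"constructed-key-1")
LEAF = Cert("www.example.com", "Example Interception Root", b"constructed-key-2")
CHAIN = [LEAF, ROOT]


def compare_policies():
    """Same chain under three client states."""
    not_installed = validate(CHAIN, set(), set())
    installed = validate(CHAIN, set(), {ROOT.key_hash})
    installed_and_blocked = validate(CHAIN, set(), {ROOT.key_hash}, {ROOT.key_hash})
    return not_installed, installed, installed_and_blocked


if __name__ == "__main__":
    for result in compare_policies():
        print(result)
```

Only the third state rejects the chain once the user has added the root to the local store, which is the protection the article attributes to Firefox, Chrome and Safari.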

On the plus side, Microsoft is switching Edge to a Chromium back-end, so Edge will eventually benefit from the protection built into Chromium. But the Chromium-based Edge is still in beta.

We asked Microsoft how it treated the Kazakhstan certificate and will update this article if we get an answer.

Kazakhstan president: "There is no reason for concern"

According to a Reuters article published Aug. 7, "Kazakhstan has put an end to the implementation of an Internet surveillance system deemed illegal by lawyers, the government describing its initial deployment as a test."

State security officials claimed that they were trying to protect the people of Kazakhstan against "hacker attacks, online fraud and other types of computer threats," Reuters wrote.

The President of Kazakhstan, Kassym-Jomart Tokayev, "said in a tweet that he personally had ordered the test, which showed that protective measures 'would not bother Kazakh Internet users,'" Reuters wrote. "There is no reason to worry," Tokayev said.

The Mozilla/Google announcement said that it was "not the first attempt of the Government of Kazakhstan to intercept the Internet traffic of everyone in the country".

The companies wrote:

In 2015, the Government of Kazakhstan attempted to include a root certificate in Mozilla's trusted root storage program. After discovering that they had intended to use the certificate to intercept user data, Mozilla refused the request. Shortly after, the government forced citizens to manually install the certificate, but this failed after organizations filed lawsuits.
