Google’s security engineer, Tavis Ormandy has discovered a vulnerability in the Kaspersky antivirus program’s interception of HTTPS traffic which coincides with its own certificate to scan for web threats.
Security vendor Kaspersky Lab updated its antivirus products to fix an issue that exposed users to traffic interception attacks as they are open to TLS certificate collisions. Kaspersky used only the first 32 bits of an MD5 hash in its SSL proxy packaged anti-virus product.
Before websites started moving to HTTPS encryption, antivirus or other web analysis tools could just look at the traffic as it was coming into the browser. However, that’s not possible anymore with websites that have encrypted their traffic.
Like other endpoint security products, Kaspersky too installs a self-signed root CA certificate on computers which it calculates on the basis of the 32-bit key of the serial number of the original certificate presented by the website and uses it to issue "leaf," or interception, certificates for all HTTPS-enabled websites accessed by users. This allows the product to decrypt and then re-encrypt connections between local browsers and remote servers. This is similar to how man-in-the-middle attacks happen. However, the difference is that presumably, the users are aware of this happening when they enable the web scanning option.
The major problem is that the 32-bit key is very weak and by re-using it, an attacker could easily craft a certificate that matches the same key, creating a collision and intercepting the traffic of multiple sites when Kaspersky users would access them.
Ormandy also reported that Kaspersky sometimes got certificate errors for mismatching commonNames and even after the Project Zero security researcher received the acknowledgement from the security vendor on November 01, the exploit could still be exploited.
However, both the flaws were amended by Kaspersky on December 28.
Ormandy tweeted, "If you're not being attacked, you would see random errors. A MITM [man in the middle] can send you packets from where you were expecting."
Kaspersky Lab pointed out that there is an additional check being performed on the domain name in addition to the 32-bit key. This makes attacks harder, but not impossible.
It’s likely that most users aren’t aware the antivirus software can see their traffic, though, because not everyone is aware of all the intricacies of antivirus and security technologies. Therefore, this “solution” to encrypted web threats may unnecessarily put most users at risk when they don’t know what they’re doing. Some security experts believe that no antivirus program should be allowed to do TLS interception of all web traffic.
Security vendor Kaspersky Lab updated its antivirus products to fix an issue that exposed users to traffic interception attacks as they are open to TLS certificate collisions. Kaspersky used only the first 32 bits of an MD5 hash in its SSL proxy packaged anti-virus product.
Before websites started moving to HTTPS encryption, antivirus or other web analysis tools could just look at the traffic as it was coming into the browser. However, that’s not possible anymore with websites that have encrypted their traffic.
Like other endpoint security products, Kaspersky too installs a self-signed root CA certificate on computers which it calculates on the basis of the 32-bit key of the serial number of the original certificate presented by the website and uses it to issue "leaf," or interception, certificates for all HTTPS-enabled websites accessed by users. This allows the product to decrypt and then re-encrypt connections between local browsers and remote servers. This is similar to how man-in-the-middle attacks happen. However, the difference is that presumably, the users are aware of this happening when they enable the web scanning option.
The major problem is that the 32-bit key is very weak and by re-using it, an attacker could easily craft a certificate that matches the same key, creating a collision and intercepting the traffic of multiple sites when Kaspersky users would access them.
Ormandy also reported that Kaspersky sometimes got certificate errors for mismatching commonNames and even after the Project Zero security researcher received the acknowledgement from the security vendor on November 01, the exploit could still be exploited.
However, both the flaws were amended by Kaspersky on December 28.
Ormandy tweeted, "If you're not being attacked, you would see random errors. A MITM [man in the middle] can send you packets from where you were expecting."
Kaspersky Lab pointed out that there is an additional check being performed on the domain name in addition to the 32-bit key. This makes attacks harder, but not impossible.
It’s likely that most users aren’t aware the antivirus software can see their traffic, though, because not everyone is aware of all the intricacies of antivirus and security technologies. Therefore, this “solution” to encrypted web threats may unnecessarily put most users at risk when they don’t know what they’re doing. Some security experts believe that no antivirus program should be allowed to do TLS interception of all web traffic.