Researchers in Europe and the US have found a weakness in the internet’s digital certificate infrastructure that allows attackers to forge certificates that are fully trusted by all commonly used web browsers.
As a result of this weakness it is possible to impersonate secure websites and e-mail servers and to perform virtually undetectable phishing attacks, implying that visiting secure websites is not as safe as it is believed to be.
The researchers, at UC Berkeley in California, the Centrum Wiskunde & Informatica (CWI) in the Netherlands, EPFL in Switzerland, and Eindhoven University of Technology (TU/e) in the Netherlands, presented their results at the 25C3 security congress in Berlin on 30 December 2008.
When you visit a website whose URL starts with ‘https’, a small padlock symbol appears in the browser window. This indicates that the website is secured using a digital certificate issued by one of a few trusted Certification Authorities (CAs).
To ensure that the digital certificate is legitimate, the browser verifies its signature using standard cryptographic algorithms. The team of researchers has discovered that one of these algorithms, known as MD5, is not secure.
The researchers have shown that it is possible to create a rogue CA that is trusted by all major web browsers, thereby demonstrating that MD5 can no longer be considered a secure cryptographic algorithm for use in digital signatures and certificates.
A rogue CA, in combination with known weaknesses in the DNS (Domain Name System) protocol, can open the door for virtually undetectable phishing attacks.
For example, without being aware of it, users could be redirected to malicious sites that appear exactly the same as the trusted banking or e-commerce websites they believe they are visiting.
The web browser could then receive a forged certificate that will be erroneously trusted, and users’ passwords and other private data can fall into the wrong hands.
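The practical check that follows from this finding is to look at which hash algorithm signed each certificate in a chain, because the forged certificate in this attack is a CA certificate that a legitimate CA signed with MD5, so inspecting only the leaf is not enough. The following added example (not code from the researchers or from any browser) walks the outer DER structure of an X.509 certificate and reports its signatureAlgorithm; the inputs are constructed stand-ins with a real certificate's outer layout, and a real deployment would feed it every certificate of a chain from PEM/DER files.

```python
SIGNATURE_OIDS = {  # PKCS#1 v1.5 signature OIDs and the verdict a checker should give
    "1.2.840.113549.1.1.4": ("weak", "md5WithRSAEncryption"),
    "1.2.840.113549.1.1.5": ("weak", "sha1WithRSAEncryption"),  # retired since, too
    "1.2.840.113549.1.1.11": ("ok", "sha256WithRSAEncryption"),
}

def read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Turn OID content bytes into dotted form, e.g. 1.2.840.113549.1.1.4."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:  # base-128 arcs; high bit set on every byte but the last
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def signature_algorithm(cert_der):
    """Dotted OID of the outer signatureAlgorithm field of a DER certificate."""
    tag, body, _ = read_tlv(cert_der, 0)
    assert tag == 0x30, "Certificate must be a SEQUENCE"
    _, _, pos = read_tlv(body, 0)           # skip tbsCertificate
    _, alg_id, _ = read_tlv(body, pos)      # AlgorithmIdentifier SEQUENCE
    tag, oid_bytes, _ = read_tlv(alg_id, 0)
    assert tag == 0x06, "AlgorithmIdentifier must start with an OID"
    return decode_oid(oid_bytes)

def classify(cert_der):
    """('weak', name) for MD5/SHA-1, ('ok', name) for SHA-256, else ('unknown', oid)."""
    oid = signature_algorithm(cert_der)
    return SIGNATURE_OIDS.get(oid, ("unknown", oid))

def toy_cert(last_arc):
    """Constructed stand-in with a real certificate's outer layout (not a valid cert)."""
    tbs = bytes.fromhex("3003020102")                            # SEQUENCE { INTEGER 2 }
    oid = bytes.fromhex("2a864886f70d0101") + bytes([last_arc])  # 1.2.840.113549.1.1.<arc>
    alg = bytes([0x30, len(oid) + 4, 0x06, len(oid)]) + oid + b"\x05\x00"  # OID + NULL
    body = tbs + alg + bytes.fromhex("03030012ab")               # BIT STRING placeholder
    return bytes([0x30, len(body)]) + body
```

A chain passes only if every certificate in it classifies as "ok"; a single "weak" verdict anywhere in the chain is the condition the researchers' demonstration exploits.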
Arjen Lenstra, head of EPFL’s Laboratory for Cryptologic Algorithms, said: ‘The major browsers and internet players – such as Mozilla and Microsoft – have been contacted to inform them of our discovery and some have already taken action to better protect their users.
‘It’s imperative that browsers and CAs stop using MD5, and migrate to more robust alternatives such as SHA-2 and the upcoming SHA-3 standard.’