this post was submitted on 23 Oct 2023
5 points (85.7% liked)

Privacy

96 readers
9 users here now

Privacy is the ability for an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.

Rules

  1. Don't do unto others what you don't want done unto you.
  2. No Porn, Gore, or NSFW content. Instant Ban.
  3. No Spamming, Trolling or Unsolicited Ads. Instant Ban.
  4. Stay on topic in a community. Please reach out to an admin to create a new community.

founded 2 years ago
MODERATORS
[email protected]
5
Encrypted traffic interception on Hetzner and Linode targeting the largest Russian XMPP (Jabber) messaging service (notes.valdikss.org.ru)
submitted 1 year ago by [email protected] to c/[email protected]
7 comments fedilink hide all child comments
 

cross-posted from: https://links.hackliberty.org/post/241632

Security researchers have discovered what they believe may be a government attempt to covertly wiretap an instant messaging service in Germany — an attempt that was blown because the potential intercepting authorities failed to reissue a TLS certificate.

The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired.

However, jabber.ru found no expired certificates on the server — as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation.

The expired certificate was instead discovered on a single port being used by the service to establish an encrypted Transport Layer Security (TLS) connection with users. Before it had expired, it would have allowed someone to decrypt the traffic being exchanged over the service.

The wiretap is believed to have lasted for up to 6 months, from April 18 through to October 19, although the researchers were only able to confirm 90 days of actual interception. “All jabber.ru and xmpp.ru communications between these dates should be assumed compromised,” wrote ValdikSS.

“Given the nature of the interception, the attacker have been able to execute any action as if it is executed from the authorized account, without knowing the account password. This means that the attacker could download account's roster, lifetime unencrypted server-side message history, send new messages or alter them in real time,” they added.

The researchers said they do not believe that the servers were hacked by criminals, but were reconfigured to facilitate the wiretapping as a result of a government request. “We believe this is lawful interception Hetzner and Linode were forced to setup,” ValdikSS wrote, referencing the hosting providers in Germany.

top 7 comments
sorted by: hot top controversial new old
[–] [email protected] 4 points 1 year ago (2 children)

Makes you think who controls the root certificates we are all using by default and how those can be used to intercept traffic without us knowing

[–] [email protected] 2 points 1 year ago (1 children)

It almost makes me want to self sign my important services and import it on all my devices, though, not trusting the rest would make browsing the internet quite annoying.

I wonder how we can protect against something like this.

[–] slazer2au 2 points 1 year ago (1 children)

You can run your own private CA and sign things you access with it.

Another option is short lived certificates. If your certificate is only valid for 3 months and the certificate is compromised only the traffic in the certificate validity period is effected.

I believe that is the reason Let's Encrypt limits certificates to 3 months and google is pushing CA to stop issuing multi year certificates.

[–] [email protected] 1 points 1 year ago (1 children)

I'm trying to think of a way to make it obvious that there's another 'trusted' cert being served by a man in the middle. If I sign and trust my own, then no one else would have one from that chain.

However, the problem is still there. If someone MITM me, they can serve a Let's Encrypt cert and I'd trust it. If I don't trust any but my own cert then I can't really browse the web.

[–] slazer2au 1 points 1 year ago

This is specifically what HSTS and certificate pinning does.

When those features are enabled your app or browser is told remember this certificate fingerprint for this domain and throw an error if a different cert is used.

There is also a draft standard where you put your details of your certificate in a DNS record so if a new chain is used a cert warning is thrown. But I don't remember the specifics.

[–] slazer2au 2 points 1 year ago (1 children)

CA will have transparency, security and trusts requirements before the root certificates are added to the certificate stores of platforms.

There has been a few cases where browsers have removed CAs from the trust stores because of rouge certificate being issued by accident or on purpose.

I recall one time a middle eastern CA issued a company a certificate for Gmail by accident and their business collapsed after it was reported to the browser makers.

There are technologies you can use like HSTS or certificate pinning which will prevent rouge certificates from being used to MitM your platform.

[–] [email protected] 2 points 1 year ago

Pssst: it's rogue, not rouge.