CRT certificate -- what are the risks?

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
There is a certain ISP that provides content filtering at various levels, as per the user's personal preferences, and this filtering is at the ISP level, it is not performed on the user's personal device.
They ask users to install a CRT security certificate.
How severe is the security risk?
I am not overly concerned about privacy issues, such as someone knowing what websites I visit etc.
I am more concerned about actual security issues, such as safe banking, protecting logon credentials, etc.
 
  • Like
Reactions: Rengar

larry goes to church

Level 3
Verified
Mar 10, 2017
103
To begin,

Your ISP is routing all of your traffic so you they have full visibility of everything you send already.
This is why people use VPNs.


I'm not exactly sure why they would want you to install a certificate though.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
To begin,

Your ISP is routing all of your traffic so you they have full visibility of everything you send already.
This is why people use VPNs.


I'm not exactly sure why they would want you to install a certificate though.
Without the certificate, certain websites are hard or impossible to log onto
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Any details on the CRT Certificate, or ISP?
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Any details on the CRT Certificate, or ISP?
The ISP is an Israeli one, I am sure you never heard of it: Internet Rimon.
The certificate, well, they give you an exe file to run, it installs a file named RimonCrt.exe.
I also found this path on my computer:
C:\Windows\System32\Tasks_Migrated\RimonCrt
 
  • Like
Reactions: Ink

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Not sure of your specific case, but
many root certificates are preinstalled in the computer and this protected list is managed by well-known manufacturers (Microsoft, Apple, Google...).
The security risk occurs when in this list is installed an untrusted certificate so that all the child certificates generated, will become trusted. Then a possible suspect site will be protected (padlock) and trusted (without warning).
Who can tamper with the list? On your PC it can be altered voluntarily by the user, by a malware or by the administrator of the domain if the PC is connected to a corporate network...but certainly not from your ISP.
I assume your ISP will have taken all necessary measures to ensure your safety.
 
  • Like
Reactions: shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Not sure of your specific case, but
many root certificates are preinstalled in the computer and this protected list is managed by well-known manufacturers (Microsoft, Apple, Google...).
The security risk occurs when in this list is installed an untrusted certificate so that all the child certificates generated, will become trusted. Then a possible suspect site will be protected (padlock) and trusted (without warning).
Who can tamper with the list? On your PC it can be altered voluntarily by the user, by a malware or by the administrator of the domain if the PC is connected to a corporate network...but certainly not from your ISP.
I assume your ISP will have taken all necessary measures to ensure your safety.
Rimon does not go into the list of root certificates, at least, I didn't find it in there.

EDIT: In the past, I was using Rimon, and I didn't know about their certificate, and I had issues with logging onto secure sites. I think I had trouble with MT, actually. Then someone told me about their certificate, which alleviates that problem.
This morning I discontinued the service, for other reasons, but the whole thing remains a mystery to me.
I saw someone on a Hebrew language Linux forum who went ballistic about the enormous security and privacy issues with this certificate, but I am not convinced he even knew what he was talking about. You know, sometimes the linux enthusiasts can get a little carried away about privacy issues...
 
Last edited:
  • Like
Reactions: Winter Soldier

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top