- Jan 24, 2011
- 9,378
Tavis Ormandy, one of Google Project Zero's most proficient security researchers, has identified two issues in the way Kaspersky security products inspect HTTPS traffic for web threats.
According to the researcher, the Kaspersky performs this operation by its root certificate (Kaspersky Anti-Virus Personal Root) as a trusted certificate authority (CA) in the operating system's authorized certificate store.
Every time users access a web resource hosted via HTTPS, Kaspersky security software proxies all SSL connections and deploys its own (leaf) certificates to scan the incoming connections for any threats.
This way traffic is still encrypted, but certificates appear to be issued by Kaspersky's root certificate.
Kaspersky security products broke HTTPS connections for some users
Here's where Ormandy discovered the first problem. The researcher says that Kaspersky uses the first 32 bits of a real certificate's MD5 hash as the key for the cloned leaf certificate.
When users (re-)access HTTPS resources, the antivirus searches for this MD5 signature and reuses the same cloned leaf certificate.
"You don't have to be a cryptographer to understand a 32bit key is not enough to prevent brute-forcing a collision in seconds. In fact, producing a collision with any other certificate is trivial," Ormandy explained in a bug report made public yesterday.
In a real-world example, Ormandy says that the 32bit key of certificates for the sites HackerNews (news.ycombinator.com) and the portal of Manchester, Connecticut (manchesterct.gov) are the same.
Ormandy reveals that this bug broke HTTPS connections for many Kaspersky users, who were unable to access secure websites, or the website downgraded to using HTTP instead.
Read more: Google Dev Finds Serious Flaws in Kaspersky's HTTPS Traffic Inspection System
According to the researcher, the Kaspersky performs this operation by its root certificate (Kaspersky Anti-Virus Personal Root) as a trusted certificate authority (CA) in the operating system's authorized certificate store.
Every time users access a web resource hosted via HTTPS, Kaspersky security software proxies all SSL connections and deploys its own (leaf) certificates to scan the incoming connections for any threats.
This way traffic is still encrypted, but certificates appear to be issued by Kaspersky's root certificate.
Kaspersky security products broke HTTPS connections for some users
Here's where Ormandy discovered the first problem. The researcher says that Kaspersky uses the first 32 bits of a real certificate's MD5 hash as the key for the cloned leaf certificate.
When users (re-)access HTTPS resources, the antivirus searches for this MD5 signature and reuses the same cloned leaf certificate.
"You don't have to be a cryptographer to understand a 32bit key is not enough to prevent brute-forcing a collision in seconds. In fact, producing a collision with any other certificate is trivial," Ormandy explained in a bug report made public yesterday.
In a real-world example, Ormandy says that the 32bit key of certificates for the sites HackerNews (news.ycombinator.com) and the portal of Manchester, Connecticut (manchesterct.gov) are the same.
Ormandy reveals that this bug broke HTTPS connections for many Kaspersky users, who were unable to access secure websites, or the website downgraded to using HTTP instead.
Read more: Google Dev Finds Serious Flaws in Kaspersky's HTTPS Traffic Inspection System
