Analysis shows that a number of ‘secure’ HTTP connections are forged

12 May 2014

A significant number of secure HTTPS connections have been created with forged certificates without the owner’s knowledge, according to new research by a team of computer scientists.

By being able to monitor the number of forged certificates occurring on particular websites, a team of computer scientists are able to build a reasonably accurate picture of the scale of malicious activity occurring in the supposedly secure HTTPS encryption software.

According to the study’s findings, out of a total of 3.45m connections made to Facebook’s servers in a particular period of time, 6,845 (or 0.02pc) were found to have been attributed to forged digital certificates.

While hardly on a scale that could be considered widespread, it still indicates a significant number, especially after the findings show the majority of forged certificates were originating from computers running a number of lesser-known anti-virus packages including Eset and Bitdefender.

Another major worry found from the results show that the second most-attributed source of forged certificates was from commercial firewalls and work networks.

One of the most commonly presented sources of malware seen in the forgeries was one known as IopFailZeroAccessCreate that appeared in 112 certificates across 45 countries showing the spread of the problem.

The general purpose of these malicious pieces of software had all of the familiar outcomes including mining of user login information and the insertion of banner ads in websites illegally.

The team of researchers had this to say about their results: “One should be wary of professional attackers that might be capable of stealing the private key of the signing certificate from antivirus vendors, which may essentially allow them to spy on the antivirus users (since the antivirus root certificate would be trusted by the client). Hypothetically, governments could also compel antivirus vendors to hand over their signing keys.”

https image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com