Apple, Google, Microsoft and Mozilla block MitM certificate of the Kazakhstan government

In early December, Kazakhstan authorities for the third time attempted to intercept all traffic of the users, including secure HTTPS connections. However, Apple, Google, Microsoft, and Mozilla responded by blocking the MitM certificate of the Kazakhstan government.

Let me remind you that these attempts began back in 2015, when the government first announced the introduction of a “national security certificate”.

It was supposed that users would be obliged to download and install a government certificate on all devices through which all protected traffic, including from foreign websites, would pass. Moreover, it was assumed that not only all HTTPS traffic but also other TLS connections will be decrypted.

In 2015, the attempt was unsuccessful, but in 2019, the country’s government returned to this idea once again. So, last summer, local operators began to send out warnings to their subscribers about the need to install a security certificate, allegedly designed to protect against cyberattacks and help fight illegal content.

Then the browser makers responded by blocking the certificate, and the Kazakh government soon announced the “end of the exercise.”

In early December 2020, the authorities of Kazakhstan again announced cyber exercises and ordered the residents of Nur-Sultan and tourists to install a special security certificate on their devices. The authorities also forced local Internet providers to block users’ access to foreign sites if the certificate was not installed.

Cyberattacks on the Kazakhstani segment of the Internet increased 2.7 times during the COVID-19 pandemic.said the official representatives of the Kazakh authorities.

Censored Planet soon reported that the certificate was working against dozens of web services, mostly owned by Google, Facebook and Twitter. Censored Planet lists the following affected sites:

  • google.com
  • youtube.com
  • facebook.com
  • vk.com
  • instagram.com
  • twitter.com
  • Mail.ru
  • allo.google.com
  • android.com
  • cdninstagram.com
  • dns.google.com
  • docs.google.com
  • encrypted.google.com
  • goo.gl
  • mail.google.com
  • messages.android.com
  • messenger.com
  • news.google.com
  • ok.ru
  • picasa.google.com
  • plus.google.com
  • sites.google.com
  • tamtam.chat
  • translate.google.com
  • video.google.com
  • vk.me
  • www.youtube.com
  • www.messenger.com
  • www.google.com
  • www.facebook.com
  • www.instagram.com
  • groups.google.com
  • Hangouts.google.com

According to Censored Planet, the percentage of hosts in Kazakhstan that were intercepted increased from 7% to 11.5% this year.

However, this time browser developers responded with a blocking. So, starting from December 18, 2020, users of Safari, Edge, Chrome and Firefox, on whose devices is installed MITM certificate, will see warnings about a security violation and information that the certificate cannot be trusted.

In a blog post, the Mozilla developers remind that back in 2019 they concluded that “this act undermines the security of users and the Internet, and also directly contradicts Principle 4 of the Mozilla Manifesto, which states: “The safety and privacy of people on the Internet is fundamental and should not be considered optional”.

We urge users from Kazakhstan who have been affected by this change to explore the possibility of using a VPN or Tor browser to access the Internet. We also strongly recommend anyone, who has followed the steps to install the Kazakhstan government root certificate, remove it from the device and change the passwords immediately.write Firefox creators.

Let me remind you that for iOS was discovered a special exploit, with the help of which China traced the Uyghurs.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *