
Researchers have discovered multiple instances of phony SSL certificates being used to impersonate financial institutions, eCommerce vendors, Internet Service Providers and social networking platforms.

SSL certificates are used to authenticate secure encrypted internet connections by binding an organization’s identity, like a bank, to the appropriate domain name, server name, or host name.

Rogue SSL certificates can be used to commit man-in-the-middle (MitM) attacks that leave the targets under the impression that they are engaged in an encrypted session when their data is actually being compromised prior to transmission.

“Successful attacks would allow criminals to decrypt legitimate online banking traffic before re-encrypting it and forwarding it to the bank,” the researchers said. “This would leave both parties unaware that the attacker may have captured the customer’s authentication credentials, or manipulated the amount or recipient of a money transfer.”

The risk is greatest for those who engage in non-browser transactions, as many applications will not recognize that an SSL certificate is not signed by a trusted certificate authority (CA), whereas most browsers would flag the certificate and issue a warning to the user.

“Online banking apps for mobile devices are tempting targets for man-in-the-middle attacks, as SSL certificate validation is far from trivial, and mobile applications often fall short of the standard of validation performed by web browsers,” the researchers noted.
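The validation gap described above is usually one of two things: the client never checks that the certificate chains to a trusted CA, or it checks the chain but never checks that the name in the certificate matches the host it meant to reach. The following is an added example (not code from the article or the researchers it quotes) showing, in Python's standard `ssl` module, a client context configured the way a browser would validate, the weakened configuration that makes a rogue certificate go unnoticed, and a hostname check run against the structure `getpeercert()` returns. `SAMPLE_PEERCERT`, the `bank.example` names and the function names are constructed for this example.

```python
import ssl
from typing import Optional

# Constructed stand-in for what ssl.SSLSocket.getpeercert() returns for a
# hypothetical bank certificate; the names are made up for this example.
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "www.bank.example"),),),
    "issuer": ((("commonName", "Example Trusted CA"),),),
    "subjectAltName": (
        ("DNS", "www.bank.example"),
        ("DNS", "*.api.bank.example"),
    ),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against the intended hostname.

    A wildcard is honoured only as the entire leftmost label and only when
    at least two labels follow it, so '*.api.bank.example' covers
    'login.api.bank.example' but not 'a.b.api.bank.example' or
    'api.bank.example'.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False
    # everything after the wildcard label must match exactly
    return p_labels[1:] == h_labels[1:]


def hostname_matches_cert(peercert: dict, hostname: str) -> bool:
    """True only if the hostname is bound to the certificate via a
    subjectAltName DNS entry. The subject CN is deliberately ignored, as
    browsers do; a certificate with no SAN fails the check."""
    dns_names = [v for kind, v in peercert.get("subjectAltName", ()) if kind == "DNS"]
    if not dns_names:
        return False
    return any(_dns_name_matches(name, hostname) for name in dns_names)


def make_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Browser-grade client settings: chain must reach a trusted CA and the
    certificate must name the host we connect to. Both are already the
    defaults of create_default_context(); they are set again here so that
    a later edit cannot silently drop them."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def weakened_context() -> ssl.SSLContext:
    """The anti-pattern found in the apps the article describes: chain and
    hostname checks switched off, so any certificate is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_strict(ctx: ssl.SSLContext) -> bool:
    """Quick audit helper: does this context still enforce both checks?"""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    for host in ("www.bank.example", "login.api.bank.example", "api.bank.example"):
        print(host, hostname_matches_cert(SAMPLE_PEERCERT, host))
    print("strict:", context_is_strict(make_client_context()))
    print("weakened:", context_is_strict(weakened_context()))
```

When a connection is made with `make_client_context().wrap_socket(sock, server_hostname=host)`, the `ssl` module performs the chain and hostname checks itself; `hostname_matches_cert` is shown so the rule an application must enforce is visible in plain code, which matters for clients that call `getpeercert()` on a context with `check_hostname` off and then do their own (often incomplete) comparison. The old `ssl.match_hostname` helper that did this job was deprecated in Python 3.7 and removed in 3.12.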

Fraudulent SSL certificates on their own are not enough to carry out a MitM attack: the perpetrator must also share a network path or internet connection with the target in order to intercept the communications, and setting up a malicious wireless access point is the most common way to accomplish this.

“Setting up a rogue wireless access point is one of the easiest ways for an individual to carry out such attacks, as the attacker can easily monitor all network traffic as well as influence the results of DNS lookups.”
