TAG | man-in-the-middle
It appears that China recently launched a poorly executed Man in the Middle (MITM) attack on GitHub.
GitHub.com is an https only website, so the only way to monitor it is to use a MITM attack to decrypt the contents of the communications. There is evidence that GitHub is widely used in China for code sharing, so the backlash from blocking it completely was too large, and it was unblocked a few days later.
The attack happened on January 26. It was poorly executed in that the faked certificate did not match the real one in any of the meta-data and it was not signed by a recognized certificate authority. This caused most browsers to report a security error. The MITM attack only lasted about an hour.
Based on reports it only impacted users in China, which strongly suggests that it was government backed at some level. My work in censorship circumvention over the years has shown that China is far from monolithic. This could have been the work of a local government or regional ISP. I have not seen an analysis showing if this was country wide or not. It seems very ham fisted for the central government.
The speculated reason for the attack is to monitor access to a list of people who have been involved in creating the Great Firewall of China, which is hosted on GitHub, and is connected to a petition on Whitehouse.gov proposing that those people be denied entry to the US.
Their Asha and Lumia phones come with something they call the “Xpress Browser”. To improve the browser experience, the web traffic is proxies and cached. That is a fairly common and accepted practice.
Where Nokia has stepped into questionable territory is when it does this for secure web traffic (URLs starting with HTTPS://). Ordinarily it is impossible to cache secure web pages because the encryption key is unique and used only for a single session, and is negotiated directly between the browser and the target website. If it was cached no one would be able to read the cached data.
Nokia is doing a “man in the middle attack” on the user’s secure browser traffic. Nokia does this by having all web traffic sent to their proxy servers. The proxy then impersonate the intended website to the phone, and set up a new secure connection between the proxy and the real website.
Ordinarily this would generate security alerts because the proxy would not have the real website’s cryptographic Certificate. Nokia gets around this by creating new certificates which are signed by a certificate authority they control and which is pre-installed and automatically trusted by the phone.
So, you try to go to Gmail. The proxy intercepts that connection, and gives you a fake Gmail certificate signed by the Nokia certificate authority. Your phone trusts that so everything goes smoothly. The proxy then securely connects to Gmail using the real certificate. Nokia can cache the data, and the user gets a faster experience.
All good right?
The fly in the ointment is that Nokia now has access to all of your secure browser traffic in the clear, including email, banking, etc.
They claim that they don’t look at this information, and I think that is probably true. The problem is that you can’t really rely on that. What if Nokia gets a subpoena? What about hackers? What about accidental storage or logging?
This is a significant breaking of the HTTPS security model without any warning to end users.
Bruce Schneier on the real world effectiveness of a very simple domain name based man in the middle attack.
Here is a Wired article on the same issue showing how it was used to steal 20 GB of email from a Fortune 500 company.