Google, Mozilla, Apple, Microsoft block 'root certificate that government forced citizens to install'

In response to

Kazakhstan in Central Asia requesting residents of the capital Nur - Sultan to install a 'government-certified root certificate, ' browsers from Google, Mozilla, Apple, and Microsoft issued root certificates issued by the Kazakh government. Blocked. Browser companies have pointed out that government-authenticated root certificates are used to intercept HTTPS communications.

Apple, Google, Microsoft, and Mozilla ban Kazakhstan's MitM HTTPS certificate | ZDNet

Kazakhstan spies on citizens' HTTPS traffic; browser-makers fight back | Ars Technica

After December 6, 2020, Kazakhstan's Internet Service Provider (ISP) redirects Nur-Sultan residents who attempt to access foreign Internet services to a web page that shows how to install a government-issued root certificate. I have. Unless this root certificate is installed, Nur-Sultan users will not be able to access foreign web services such as Google, Twitter, YouTube, Facebook, Instagram, and Netflix.

Kazakhstan government is intercepting HTTPS traffic in its capital | ZDNet

Kazakh government officials explain why they forced residents to install root certificates as 'cybersecurity exercises for government agencies, telecommunications, and private sectors.' According to officials, 'the number of cyberattacks targeting the Internet in Kazakhstan increased 2.7-fold during the pandemic of the new coronavirus,' the reason for starting the exercise.

However, the Kazakh government's explanation is technically meaningless for foreign media ZDNet, as root certificates are used to encrypt and protect traffic and do not help prevent mass cyberattacks. Pointed out. Industry companies were at risk of the Kazakh government's move, as users could install government-issued root certificates, allowing the government to intercept communications through man-in-the-middle attacks .

And on December 18th, Google, Mozilla, Apple, and Microsoft browsers announced that they would block root certificates issued by the Kazakh government. As a result, browsers such as Chrome, Firefox, Safari, and Edge reject the root certificate of the Kazakh government, which prevents the government from intercepting the communication contents.

This is not the first time the Kazakh government has attempted to intercept public HTTPS communications. The Kazakh government forced the installation of a government-issued root certificate in 2019, but Google and Mozilla also blocked the root certificate, and the Kazakh government's attempt was unsuccessful.

Google and Mozilla announce that they will block root certificates certified by dictatorships-GIGAZINE

Censored Planet, which investigates censorship on the Internet, noted that the percentage of users in Kazakhstan experiencing interception of communications has increased from 7% in 2019 to 11.5% in 2020.

Please note that Mozilla recommends Kazakhstan users affected by this block to use a VPN or Tor browser.

in Web Service,   Security, Posted by log1h_ik