In the past, we have seen inadvertent errors which gave parties the chance to perform a man-in-the-middle (MITM) attack in an SSL secure connection. There were cases with Trustwave, TURKTRUST and ANSSI.
In January, Gogo joined the MITM group. With Gogo, they broke the SSL connection to limit the bandwidth on their airline Wi-Fi service. Gogo apologized, but never gave a public statement to close the issue.
Now Superfish has joined the club. Not only did Superfish break the SSL connection, they put themselves in a position where they could add their own information to the stream and possibly see private information.
With the help of Lenovo, Superfish was able to place their software Visual Discovery on Lenovo laptops. With the software on board, it was allowed to place a certification authority (CA) root certificate into the Windows list of trusted root certification authorities. As such, Windows would trust the root in the same way that it trusts all other trusted root certificates.
The Superfish software could then be a trusted proxy and play MITM. When a secure connection is made it is intercepted by Superfish. The software sets up a separate connection with the targeted server and in real-time generates a certificate for the browser user to see. As such, the user has a secure connection to Superfish and Superfish has a secure connection to the targeted server.
With communications open to Superfish, it allows advertisements to be placed in the stream. But where do the advertisements come from? They come from an external Superfish server. If the communication is open to Superfish to get information in, how do we know that they are not getting information out? To date, Superfish is pointing users to Lenovo to get their information.
In addition, Superfish put the same root certificate on all laptops which is protected by the same private key. Although encrypted, the private key was easily compromised by a dictionary attack. With a corrupted root CA, attackers can easily issue fraudulent certificates which the Lenovo laptop users will trust. Please note, the fraudulent certificates don’t have to be SSL, they could also be code signing which would allow the attacker to install malware on the Lenovo laptops.
In the past, Google discovered fraudulent certificates with public key pinning in Chrome. Unfortunately, public key pinning does not work with a privately trusted anchor (root certificate) which has been added to the laptop.
If you are a Lenovo user and are not aware if you are affected, you can test here.
With Internet users getting more concerned about privacy, we will see more websites support Always-On SSL – provide security to all sites. The result will mean less communications which can be tampered with. Although there are some business cases where the parties would like SSL communications to be intercepted, this type of MITM attack should be prevented.
Update February 20, 2015: The issue is worse than we thought. The problem is due to Komodia which Superfish uses. The Komodia software uses a CA private with the same password for many of its products. Since the password has been cracked, many other deployments using Komodia may be compromised.