Google Warns Users of Possible Man-in-the-Middle Attacks

Google issued warnings today of a possible man-in-the-middle attack against users attempting to access various Google services over the secure, encrypted HTTPS protocol. Google notes that the attacks appear to be "primarily located in Iran."

Google issued warnings this morning of a possible man-in-the-middle attack against users attempting to access various Google services over the secure, encrypted HTTPS protocol. Google notes that the man-in-the-middle attacks appear to be “primarily located in Iran.”

HTTPS is the standard for encryption and requires a set of keys to work. The first key, a private key, is known only by the provider of the service. The second key, a public key, is verified by a third party so it is known to be trusted and distributed in browsers. A verified public key can only decrypt a message signed by its private counterpart and vice versa.

What Is a Man In the Middle Attack?

[Image: Google invalid server certificate. Image via CNET]

A man-in-the-middle attack happens when a hacker compromises a connection between a user and the service they are trying to access – in this case, Google. The hacker presents fraudulent but verifiable credentials to the user, making the user believe he or she is talking to Google’s servers.

However, the attacker actually intercepts the messages (usernames, passwords, email contents, etc.), decrypts them with the hacked private key, then re-encrypts them with Google’s true public key and sends them on through to Google, where they are received as normal. This go-between communication is what Google warned about in today’s announcement.

In this case, the fraudulent security certificate was issued by the formerly trusted DigiNotar. Since the news of this announcement, the Chrome team, the Mozilla Firefox team and Microsoft’s Internet Explorer team have jumped to update their browsers to revoke the trust of any certificates issued by DigiNotar.
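As an added illustration (not code from Google, the browser vendors or this article), the sketch below shows what revoking trust in an issuer accomplishes: both sample certificates cover the requested hostname, and only the issuer check tells them apart. The certificate dictionaries are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the CA names, the distrust set and all function names are assumptions.

```python
# Constructed sample data in the dict shape returned by Python's
# ssl.SSLSocket.getpeercert(); none of these values come from the article.
DISTRUSTED_ISSUER_ORGS = {"diginotar"}  # assumption: match on issuer organizationName

GOOD_CERT = {
    "subject": ((("commonName", "mail.google.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Trusted CA"),),
               (("commonName", "Example Trusted CA G1"),)),
    "subjectAltName": (("DNS", "mail.google.com"),),
}
ROGUE_CERT = {
    "subject": ((("commonName", "*.google.com"),),),
    "issuer": ((("countryName", "NL"),),
               (("organizationName", "DigiNotar"),),
               (("commonName", "DigiNotar Example CA"),)),
    "subjectAltName": (("DNS", "*.google.com"),),
}


def rdn_values(name, field):
    """Collect every value of `field` from a getpeercert()-style name."""
    return [value for rdn in name for key, value in rdn if key == field]


def name_matches(pattern, host):
    """Match a DNS name, allowing '*' only as the whole left-most label."""
    p_labels, h_labels = pattern.lower().split("."), host.lower().split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_peer_cert(cert, host, distrusted=DISTRUSTED_ISSUER_ORGS):
    """Return (ok, reason) for a certificate that already passed chain validation."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(p, host) for p in sans):
        return False, "hostname not covered by certificate"
    for org in rdn_values(cert.get("issuer", ()), "organizationName"):
        if org.strip().lower() in distrusted:
            return False, f"issuer '{org}' is on the distrust list"
    return True, "issuer not on distrust list"


if __name__ == "__main__":
    for label, cert in (("good", GOOD_CERT), ("rogue", ROGUE_CERT)):
        print(label, check_peer_cert(cert, "mail.google.com"))
```

Matching on the issuer's organization name is a simplification for readability; the browser updates described above remove trust from the issuer's certificates themselves.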

The question remains whether DigiNotar purposefully issued what it certainly had to know were falsified certificates, or whether the service itself was hacked. Chester Wisniewski suggests the entire process for verifying the companies that issue certificates is untrustworthy.

Ironically enough, last month Google started issuing warnings to webmasters who house malware that could initiate man-in-the-middle attacks.

Here are a few examples of what good certificates look like:

[Image: Google Mail certificate in Firefox]

[Image: mail.google.com certificate info]

[Image: Google Gmail URL bar]
