Skip to main content

Google, Apple And Mozilla Block Kazakhstan Government`s Root CA Certificate to Prevent Spying.


In a move to protect its users based in Kazakhstan from government surveillance, Google, Apple and Mozilla finally today came forward and blocked Kazakhstan's government-issued root CA certificate within their respective web browsing software.

Starting today, Chrome, Safari and Firefox users in Kazakhstan will see an error message stating that the "Qaznet Trust Network" certificate should not be trusted when attempting to access a website that responds with the government-issued certificate.

As The Hacker News reported last month, all major Kazakh Internet Service Providers (ISPs) are forcing their customers into installing a government-issued root certificate on their devices in order to regain access to their Internet services.


The root certificate in question, labeled as "trusted certificate" or "national security certificate," if installed, allows ISPs to intercept, monitor, and decrypt users' encrypted HTTPS and TLS connections, helping the government spy on its 18 million people and censor content.


Once installed, the certificate allowed the Kazakh government to decrypt and read anything a user visiting popular sites—Facebook, Twitter, and Google, among others—types or posts, including intercepting their account information and passwords.

"When a user in Kazakhstan installs the root certificate provided by their ISP, they are choosing to trust a CA that doesn't have to follow any rules and can issue a certificate for any website to anyone," Mozilla explained in a blog post published today.

"This enables the interception and decryption of network communications between Firefox and the website, sometimes referred to as a Monster-in-the-Middle (MITM) attack."

Kazakhstan root ca certificate

Making installation of the custom root CA certificate not just allow the government to surveil its citizens' online activities, but also leaves them at risk of social engineering attacks as an opportunity for hackers to trick users into installing a malicious root cert from unofficial websites and sources.


After facing worldwide criticism, the Kazakh government described the initial roll-out of the certificate as a test for monitoring cyber threats and then abandoned its plans to intercept citizens' internet traffic.

"We will never tolerate any attempt, by any organization—government or otherwise—to compromise Chrome users' data. We have implemented protections from this specific issue, and will always take action to secure our users around the world," said Parisa Tabriz, Senior Engineering Director, Chrome.

"No action is needed by users to be protected. In addition, the certificate will be added to a blocklist in the Chromium source code and thus should be included in other Chromium-based browsers in due course," Google said.

Though Apple has not yet published any blog post, a spokesperson from the company contacted The Hacker News to confirm that its Safari web browser also blocks Kazakhstan's government-issued root CA certificate.

"Apple believes privacy is a fundamental human right, and we design every Apple product from the ground up to protect personal information. We have taken action to ensure the certificate is not trusted by Safari and our users are protected from this issue," Apple's spokesperson told The Hacker News via an email.

This is not the first time when the Kazakhstan government intercepted the internet traffic of its citizens.

In 2015, the government attempted to have a root certificate included in Mozilla's trusted root store program, but the company denied the request as soon as it was discovered that the Kazakhstan government was intending to use that certificate to intercept user data.

Both Google and Mozilla are encouraging you to remove the Kazakhstan government root certificate from your devices if you have already installed it and to change your passwords for each of your online accounts immediately.











Comments

Popular posts from this blog

Escaped Murder Suspect Finally Arrested in Yumbe Regional Referral Hospital, Yumbe District.

Story by Osuta Yusuf. 19-November-2024. 📸: Eyotre Kennedy handcuffed on bed while receiving medication this morning at Yumbe Regional Referral Hospital in Yumbe District. Eyotre Kennedy originating from Etoko village, Nyoroo Parish, Nyadri Sub-county in Maracha District who has for many years been terrorizing residents in his village, has finally been arrested this Monday morning 19-November-2024 while receiving treatment at Yumbe Regional Referral Hospital in Yumbe District following injuries he sustained from Theft mission on Saturday night 16-November-2024 in Owapi village, Azapi parish in Odupi Sub-county, Terego East Constituency in Terego District. Click here on the link  https://informationispowah.blogspot.com/2024/11/fugitive-who-chopped-3-people-killed.html   to read the story on his Theft of Goats in Terego. Upon getting cut on the finger and leg by the Mob as he attempted to fight and overpower owner of the goats he attempted to steal on Saturday night ...

41-Years-Old Man Digs His Own Grave in Maracha District.

Story by Osuta Yusuf.  Maracha District.  📸: The grave been dug by Mr Opiga Michael, a victim of frustration. Photo taken by Osuta Yusuf , on Wednesday 11-September-2024. The residents of Ebapi village, Baria Parish in Nyadri Sub-county, Maracha east constituency, Maracha District are in shock after a 41 year old man started digging his own grave. The man, identified as Mr Opiga Michael, who seems to be frustrated over some challenges in life, started digging his own grave on Tuesday 10-September-2024 until he was stopped by the elders in Nyaria clan. 📸: Opiga Michael, the Victim of Frustration. Photo by Osuta Yusuf , Information is Power. While speaking to our reporter on Wednesday evening 11-September-2024, Mr Opiga Michael, said, his main plan  was to commit suicide after finishing digging the grave for burying himself, explained that, he feels frustrated, abandoned and hated by his own clan people, whom he accused of piling lies against him a...

Wedded Ayivu West MP Lematia John Fights Over Another Woman.

  📸: Hon Lematia John. By URN. Police in Arua district are investigating a case of assault and threatening violence involving the Member of Parliament for Ayivu West Constituency John Lematia and James Ariko, a DSTV technician in Arua city. Drama ensued on Easter Sunday 31-3-2024 at Dream Land Hotel located at Kuluva trading center along Arua-Nebbi highway in Arua district when the legislator and the technician engaged in a fight reportedly over a woman identified as Faith Eyotaru 25, a relationship officer at Victoria University Kampala. The scuffle started after Ayivu West Mp John Lematia went to swim at Dreamland Hotel with Faith Eyotaru only to find Ariko, who had gone to the same hotel earlier. However, upon seeing the duo coming out of the vehicle, Ariko confronted Lematia with both men claiming to be having a relationship with the lady. It took the intervention of the staff at the hotel who intervened and separated the fight between the men. Josephine Angucia, the West Nil...