Have you ever bothered to look at who your browser trusts? The padlock of a HTTPS connection doesn't mean anything if you can't trust the other end of the connection and its upstream signatories. Do you trust CNNIC (China Internet Network Information Centre). What about Turkistan trust or many other “who are they” type certificate authorities?
Even if you do trust whoever issued the certificate it doesn't mean much if the network cannot be trusted. A lot of experts claim “HTTPS is broken” and here is one small example of why. If you sit in a coffee shop and go surfing you can quite easily end up being the victim of a man-in-the-middle (MitM) attack. All a potential attacker needs is a copy of Kali Linux, a reasonably powerful laptop and coffee!
But wait, you cry, aren't certificates supposed to protect us from exactly this type of thing? Yes but... essentially in our coffee-shop scenario the connection can be forced to run via the MitM laptop using a program called SSLstrip to copy the data as it is passed back and forth to Gmail. We get the traffic from the victim by poisoning the ARP cache and pretending to be the router. SSLStrip forces a victim's browser into communicating via an attacker’s laptop in plain-text over HTTP, with the adversary proxies the modified content from an HTTPS server.
Of course, you need to hack the coffee shop's router, too.
The HTTPS between Gmail and you is now readable because you get the decrypted plain text data before it is encrypted and sent to Gmail.
It isn't just coffee shops that present this risk. Frequently, SSL inspection is used in offices of larger companies to monitor staff web activity. Several companies such as FireEye and Bluecoat provide specialised appliances to do this at wirespeed, essentially rendering them unnoticeable. Governments can also do the same using FinFisher or other tools running on ISP networks.
This is one of the main reasons I tell people not to check their web mail on their work computer. Employers probably have the right do that written into their employment terms and conditions. Companies do, however, have other more legitimate reasons for breaking SSL scanning for malware-related traffic and data loss prevention (DLP being the new hot ticket item). If you couldn't look inside an encrypted packet you would have no idea what's flowing across the network most of the time other than source and destination.
What are the mitigations against all these for the average Joe user? In reality not a lot. Use your common sense when connecting to a Wi-Fi hotspot. Ask yourself:
- Do I know I am connecting to the correct Wi-Fi hotspot?
- Do I trust that hotspot and its owners?
- Where possible use a VPN thereby somewhat mitigating against MitM attacks
On a larger scale there are a few things that can be done but require effort. If a site provides only HTTPS then sslstrip would fail as it can't fall back to HTTP. Also browsers are becoming better at dealing with these types of issues.
Some browsers such as Chrome use a new technique called certificate pinning. This technique creates a digital fingerprint for each HTTPS site visited and afterwards compares it to the certificate being presented. It will warn the user if things don’t look as they should. Another method that site owners can use to protect their clients is HSTS. This tells the browser on first visit that the site is HTTPS only and therefore the browser should only ever connect to via HTTPS for a determined length of time.
Any attempt to redirect the browser to an HTTP version of the site will be stopped by the browser. The one weakness with this technology is that the browser has to have first visited the genuine site to receive the HSTS response. But if you make sure you've visited a site that supports HSTS on a trusted network, your browser will then ensure it is never redirected to HTTP.
A site owner who knows they will only ever use HTTPS and uses HSTS (HTTP Strict Transport Security) can have their website added to a HSTS preloaded list in the Chromium project. Getting your site added to that list means that Chromium will never allow an unencrypted connection to your site.
A lot of companies who deploy monitoring will often install their own root certificates on company computers. This lets the proxy devices to self-sign certificates for any domain and be trusted by the computers.
HTTPS is not the silver-bullet online defence shield a lot of users believe it to be on public networks, meaning activities such as online banking and shopping are done at their own risk.
While there are some additional steps you can take, you should - therefore - continue to exercise caution when using a network you don’t control and think about the type of information that you may be sharing with people you may not want to. ®