(Translated from the original Italian)
Last week, blog.torproject.org published news related to a security vulnerability found in Cyberoam DPI devices (CVE-2012-3372). It all started when a user in Jordan reported seeing a fake certificate for Tor (torproject.org).
The certificate was issued by Cyberoam and the researchers at the Tor project believed that the CA has been tricked in similar fashion as famous counterparts Comodo and Diginotar.
The user did not report problems during ordinary navigation, and was able to browse websites such as Twitter, Facebook and Gmail, which suggests we are faced with a targeted attack to trick Cyberoam into issuing fake certificates for the torproject.org website.
(click image to enlarge)
Who is Cyberoam and what are their products?
Cyberoam UTM is a network security solution appliance vendor. But the company also provides a range of devices used for Deep Packet Inspection (DPI), and most likely the user's connection was intercepted by one of their devices.
During the investigation, torproject.org found a vulnerability in the Cyberoam DPI devices, where all Cyberoam DPI devices share the same digital certificate. This means that the private key is the same for every device.
The implications, if confirmed, are serious, and in fact it could be possible to catch traffic from any user of a Cyberoam device by extracting the key and importing it into other DPI devices to use for the interception, or by simply using another Cyberoam DPI.
The torproject.org researchers immediately contacted Cyberoam and they also notified browser vendors of the vulnerability, asking them to blacklist the Cyberoam CA certificate in their browsers.
While awaiting a reply from the firm, torproject.org published in their blog the following info.
"The Cyberoam CA certificate is not trusted, and so browsers will show users a warning (unless someone has already installed the certificate). Users with the Tor Browser Bundle are not affected."
Cyberoam responded that its security devices open up traffic to inspection by third-parties, and also added in an official communicate that the devices implement tamper-protection measures to prevent the export cryptographic keys from them.
"Cyberoam’s private keys cannot be extracted even upon dissecting the box or cloning its hardware and software. This annuls any possibility of tampering with the existing certificates on appliance," the firm explained.
Obviously, Cyberoam reiterated the purpose of the HTTPS Deep Scan Inspection technology as being developed for network protection against malware, and that it is not used to attack tools such as Tor, although the devices are bundled with technology designed to perform deep HTTPS scanning able to peer into the contents of encrypted communications.
They completely denied having been involved in any kind of attacks against Tor project. Again the company clarified:
"Cyberoam UTM [Unified Threat Management] either accepts or rejects, but does not store HTTPS Deep Scan Inspection data, as processing is done in real-time. The possibility of data interception between any two Cyberoam appliances is hence nullified,"
How does it work for traffic inspection on similar devices?
UTM security appliances perform SSL inspection by generating their own certificates, and in this way network administrators can install them on devices in their network, allowing for the traffic inspection technology to work without generating a warning.
The company remarked that HTTPS Deep Scan Inspection is driven by SSL Bridging Technology, so the Cyberoam appliance provides self-signed certificates to the client whilst establishing a secure connection between the client and the server. A default certificate is shipped which remains the same across all the appliances.
(click image to enlarge)
How to prevent traffic analysis
It is simply possible to uninstall the Cyberoam CA certificate from a browser and decline to complete any connection which gives a certificate warning.
What is the main risk?
Criminals or governments could use the stolen certificates to conduct “man-in-the-middle” attacks, tricking users into thinking they were at a legitimate site when in fact their communications were being secretly tampered with or intercepted.
That is for example what occurred in the DigiNotar case where companies like Facebook, Google and also agencies like the CIA and MI6 were targeted in the Dutch government certificate hack.
Cross-posted from Security Affairs