
Iran 'stealing passwords to censor web'

Expert says SSL scam may have political motives

Iran's apparent theft of valid SSL certificates may be an attempt to trap Iranians who duck government restrictions on the internet, a security expert says.

The certificates stolen from certificate vendor Comodo could be used to reroute users to servers that appear to be legitimate but are not, says Mikko Hypponen, chief researcher at F-Secure, in the company's blog.

The certificates in question were issued to mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and Global Trustee.

Hypponen says the certificates could be used to gather passwords. Since the government controls internet routing in the country, it could reroute all Skype traffic to a fake Skype login page and collect user names and passwords with the SSL encryption seemingly in place. Monitors could also read email accounts that seem protected by SSL encryption, because the certificates are valid, he says. "Even most geeks wouldn't notice this was going on," he says.

Comodo suspects involvement by the Iranian government because of how well directed the attack was and how quickly it was executed.

Hypponen cites fellow researcher Eric Chien at Symantec as speculating that the addons.mozilla.org certificate could be used to block installation of certain extensions to the Firefox browser that would bypass censorship filters, such as FoxyProxy, which automatically switches Internet connections across multiple proxy servers. This could be used to anonymize traffic.
