Softpedia
 


August 13th, 2010, 20:13 GMT · By

EFF Asks Verizon to Cancel Etisalat's Certificate Authority Powers

EFF wants Etisalat's CA certificate revoked
In a letter to Verizon, the Electronic Frontier Foundation (EFF) asks the company to revoke the CA certificate issued to Etisalat, the UAE's leading telecom provider, over fears that Etisalat might misuse it to engage in covert surveillance.

“We are writing to request that Verizon investigate the security and privacy implications of the SSL CA certificate (serial number 0x40003f1) that Cybertrust (now a division of Verizon) issued to Etisalat on the 19th of December, 2005, and evaluate whether this certificate should be revoked,” the Internet privacy watchdog wrote in the letter.

EFF's concerns stem from an incident in July 2009, when Etisalat, the largest telecom provider in the United Arab Emirates, pushed spyware disguised as a system update to its BlackBerry subscribers.

In order to be accepted by the devices, the spying application, which was able to upload emails and messages to a remote server, amongst other things, was digitally signed with a special crypto key.

EFF says this is a strong indication of the mobile operator's willingness to misuse cryptographic systems for surveillance purposes, and that in this context Etisalat's status as a Certificate Authority is at least worrying, if not dangerous.

Certificate Authorities (CAs) are entities that have the power to generate SSL certificates trusted by all browsers for any domain name, like google.com, microsoft.com and so on.

There are only a handful of root CA certificates included in browsers, but since CA powers can be delegated, the number of such organizations has risen to over 650.

These companies are spread across the world, including in countries like China, which have a proven tendency to spy on their citizens.

“Because Microsoft, Mozilla, and other browser vendors have chosen to delegate certificate issuing authority to Verizon/Cybertrust, and because Cybertrust in turn chose to delegate this authority to Etisalat, Verizon is now the only party in a position to mitigate this risk to Internet security in a manner that is prompt and minimizes side-effects,” the EFF concludes.
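
Because CA powers are delegated through a subordinate CA certificate, a client can refuse any chain that passes through that certificate by matching its issuer and serial number, the pair that identifies a certificate in X.509. The Python below is an added example, not code from the article or the EFF letter: it reads both fields from each DER certificate in a presented chain and flags a match. The certificate stubs, CA names and helper names are constructed for illustration; only the serial 0x40003f1 comes from the article.

```python
# Added example; every certificate below is a constructed, unsigned stub.

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def issuer_and_serial(cert_der):
    """Return (raw issuer Name bytes, serial) from a DER-encoded certificate."""
    _, cert, _ = read_tlv(cert_der, 0)       # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)            # tbsCertificate ::= SEQUENCE
    tag, value, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                          # optional [0] EXPLICIT version
        tag, value, pos = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    _, _, issuer_start = read_tlv(tbs, pos)  # skip signature AlgorithmIdentifier
    _, _, issuer_end = read_tlv(tbs, issuer_start)
    return tbs[issuer_start:issuer_end], int.from_bytes(value, "big")

def chain_is_distrusted(chain_der, blocked):
    """True if any certificate in the presented chain is on the blocklist."""
    return any(issuer_and_serial(c) in blocked for c in chain_der)

# --- constructed sample data: stubs truncated after the issuer field ---
def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form lengths suffice here

def name(cn):                                # Name holding a single commonName
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))

def stub_cert(issuer_cn, serial):
    serial_bytes = serial.to_bytes((serial.bit_length() + 8) // 8, "big")
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial_bytes)
           + tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05")) + name(issuer_cn))
    return tlv(0x30, tlv(0x30, tbs))

PARENT = b"Constructed Parent CA"            # placeholder issuer name
BLOCKED = {(name(PARENT), 0x40003F1)}        # serial quoted in the EFF letter
sub_ca = stub_cert(PARENT, 0x40003F1)        # the delegated CA certificate
leaf = stub_cert(b"Constructed Sub CA", 0x1234)  # site certificate issued under it
other_ca = stub_cert(PARENT, 0x40003F2)      # same parent, different serial
```

Matching on the serial alone would be unreliable, since serial numbers are only unique per issuer.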

READER COMMENTS:


Comment #1 by: Maxx on 28 Aug 2010, 18:59 UTC

Is there any way we can block Etisalat's CA in our browsers?
