14 DAY TRIAL // German researchers led by Dr. Haya Shulman from the Fraunhofer Institute for Secure Information Technology (SIT), found a way to spoof SSL/TLS certificates for domains they didn't control, according to a report from The Register.
Dr. Shulman stated that “Essentially, many CAs that support domain validation can be attacked. We demonstrated an attack which redirects the CA to an attacker machine via DNS cache poisoning."
The HTTPS certificates can be obtained even if the certificate authority that issued them protects them using PKI-based domain validation, which allows the attackers to spoof the identity of the targeted organization and create malicious copies of any websites using a specific certificate.
Given that Domain Validated (DV) certificates can be spoofed, organizations should move to certificates validated through other, more secure methods, such as Extended Validation (EV) or Organization Validation (OV).
"The attack exploits DNS cache poisoning and tricks the CA into issuing fraudulent certificates for domains the attacker does not legitimately own – namely certificates binding the attacker's public key to a victim domain," wrote Shulman in the paper covering the research.
Certificate authority with support for Domain Validation (DV) are vulnerable
According to the German team of security researchers, a laptop is the only tool needed to perform such an attack against certificate authorities known to issue Domain Validated (DV) certificates.
They were able to set up live automated attack demos against such a certificate authority after researching the proper measures to distribute malware-infected files, steal credentials and even eavesdrop on a CA of their choice.
The even bigger problem which is not immediately obvious after first reading about Fraunhofer SIT's findings is that the CAs which use Domain Validation (DV) as the means to issue SSL/TLS certificates are now in control of more than 95% of the market as Shulman declared in an infosecurity interview.
Although the "Domain Validation ++ for MitM-Resilient PKI" research paper is not yet public, the Fraunhofer SIT team lead by Dr. Haya Shulman will present it during ACM's Conference on Computer and Communications Security in Toronto, Canada, on October 19, 2018.