"Traffic Interception and MitM Attacks Among Security Risks of Russian TLS Certs"
Russia has been found offering its own Transport Layer Security (TLS) certificates to avoid sanctions set by Western companies and governments, which are limiting citizens' access to websites amid the country's invasion of Ukraine. Restrictions on foreign payments have made many Russian websites unable to renew certificates with international signing authorities, thus causing browsers to block access to sites. Therefore, Russia has launched a domestic TLS Certificate Authority (CA) for the independent issuing and renewal of TLS certificates. Russian-owned and -issued TLS certificates pose a significant risk as they include traffic interception and Man-in-the-Middle (MitM) attacks. TLS certificates, also known as SSL or digital certificates, protect Internet connections through the encryption of data sent between browsers, websites, and servers. When a certificate expires, Google Chrome, Safari, and other web browsers display a warning that a page could be insecure, driving users away. A Russian public-service announcement revealed that the state would replace revoked or expired foreign security certificates for free if requested. According to the announcement, the security certificate is designed to authenticate the site on the Internet when establishing a secure connection. Web browsers such as Chrome and Firefox have not yet recognized the state-supplied certificates as trustworthy as Russians have been advised to use Russian-based alternatives instead. Russian media has broadcasted a list of nearly 200 domains that have reportedly been told to use the domestic TLS certificate, but it is not mandatory yet. This article continues to discuss Russia's launch of a domestic TLS Certificate Authority to circumvent Western sanctions and replace revoked and expired certificates, as well as the security risk posed by Russian TLS certificates.
CSO Online reports "Traffic Interception and MitM Attacks Among Security Risks of Russian TLS Certs"