03 Apr Google warns against HTTPS interception
A recent report is bringing to light the dangers of HTTPS interception. According to ZDNet contributor Liam Tung, some security appliances and antivirus products intercept HTTPS and transport layer security connections in order to inspect network traffic. This is done in some cases to allow threat protection software to comb through the connections and potentially discover viruses or malware.
However, the report found that HTTPS interceptions and inspections may be handled poorly in a startling majority of cases.
The problem with HTTPS interception
The study, which was conducted by Google and Mozilla, found that 97 percent of Firefox, 32 percent of e-commerce and 54 percent of Cloudflare connections became less secure when they were intercepted by antivirus tools.
“Our results indicate that HTTPS interception has become startlingly widespread, and that interception products as a class have a dramatically negative impact on connection security,” the researchers of the report wrote. “We hope that shedding light on this state of affairs will motivate improvements to existing products, advance work on recent proposals for safely intercepting HTTPS and prompt discussion on long-term solutions.”
This presents an issue for companies that rely solely on HTTPS interception and traffic inspection. In addition, the report found that the default settings on 11 of 12 network applications introduce security flaws, as do 24 of 26 antivirus products.
The trouble with iOS applications
The Google and Mozilla report wasn’t the first of its kind. Another survey put together by Sudo Security Group Inc. found that 76 popular applications in the iOS App Store were using encryption in their back-end services in a similar fashion – leaving end-user information open to man-in-the-middle attacks. According to Ars Technica contributor Sean Gallagher, the apps’ TLS traffic could be decrypted using a forged certificate sent back by a proxy, leaving them open to attack.
The sheer number of vulnerable applications means that this affects a lot of people and companies. Estimates by Apptopia indicate that there have been 18 million downloads of these affected apps. The vulnerability in these apps exposed data of varying sensitivities – with 33 percent of the applications posing relatively low risk. However, the majority of the apps exposed financial or medical login data.
To combat incidents like these, Apple has been pushing developers to use App Transport Security to secure data transmitted by their applications. And in terms of the ability of malicious actors to actually gather data through these apps, there is a silver lining:
“The one ray of sunshine for end-users is that man-in-the-middle attacks (other than those by state actors) are possible only when connected to the internet via an untrusted Wi-Fi connection,” Gallagher wrote. “If you’re connected using cellular broadband or a trusted wireless network, man-in-the-middle attacks are highly unlikely.”
Solution? Work with a trusted partner
Firewalls are still important. Despite the implications of the Google and Mozilla report, having an effective firewall or threat detection software remains an essential part of maintaining a corporate network. Knowing how to implement these kinds of security solutions is critical.
When it comes to keeping your network secure and your data out of the hands of potentially harmful actors, it pays to invest in the right security tools – the ones that aren’t going to make your infrastructure inherently less safe. This is why working with a trusted managed services partner is a must – combining forces with an MSP like Pinnacle Business Systems can give you a closer look into your network infrastructure and help you choose the security product that presents the most advantages for your organization.
Get in touch with the experts at Pinnacle today to schedule your security assessment and see how we can help you maintain safe networks.