Google disqualifies Chinese internet security certificates after trust breach

Since there are no reports of abuse, Google is not recommending that people change passwords or take other action.


Google announced on its official security blog on Wednesday that it will no longer recognise security certificates issued by the official China Internet Network Information Centre (CNNIC), following a major breach of trust.

Last month, China’s Website Certificate Authority issued valid security certificates for a number of domains, including Gmail and several other Google domains, without their permission, resulting in a potential security lapse. The unauthorized certificates were issued by an intermediate certificate authority, the Egypt-based MCS Holdings, which operated under the authority of CNNIC.

These certificates, which are stored by the server hosting the website and read by many web browsers, are meant to safeguard Internet users from scams and identity theft, also known as phishing.

The ban means that users of Google’s Chrome will likely see warnings when attempting to visit sites certified by CNNIC. Moreover, other websites operating a particular Chinese identity may also be affected, considering that their security certificates won’t be accepted by Chrome browsers anymore. It is still not clear how many websites CNNIC has certified that could yield warning messages.

Google said that CNNIC is included in all major root stores and so the unauthorized certificates would be trusted by almost all browsers and operating systems. Chrome on Windows, OS X, and Linux, ChromeOS, and Firefox 33 and greater would have declined these certificates because of public-key pinning, although unauthorized certificates for other sites still exist.

Google further said that it had immediately notified CNNIC and other major browsers about the breach and blocked the MCS Holdings certificate in Chrome with a CRLSet push.

CNNIC said that it had entered into an agreement with MCS Holdings on the basis that MCS would only issue certificates for domains that it had registered. It said in a statement on its website that Google’s decision to ban the certificates was hard to understand and accept, and appealed to Google to fully consider the rights of users. CNNIC also assured that its existing users wouldn’t be affected.

Google further stated that CNNIC could apply for its certificates to be accepted again after revamping its verification process. Sites already holding CNNIC certificates will still be marked as trusted in Chrome for a limited period of time, Google said, without further explanation.

Google Chrome users are not required to take any action to be safeguarded by the CRLSet updates. Since there are no reports of abuse, Google is not recommending that people change passwords or take other action.

Anna Domanska
Anna Domanska is an Industry Leaders Magazine author possessing a wide range of knowledge of Business News. She is an avid reader and writer of Business and CEO Magazines and a rigorous follower of Business Leaders.
