Security News > 2021 > November > Researchers shed light on hidden root CAs

How widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. universities and Qihoo 360, the company developing the 360 Secure Browser, have collected 5 months worth of certificate data from volunteer users and analyzed certificate chains and verification statuses in web visits.

Many flaws in the implementation of hidden root CAs and certificates.

"In this study, we term root CAs that are not trusted by public root programs as 'hidden' root CAs, because they are absent from the lists and are not publicly visible. Particularly, we focus on hidden root certificates that have been imported into local root stores," they shared.

The largest group contains 254,412 root certificates that belong to Certum Trusted NetWork CA 2, which impersonates the authentic Certum CA. "Fake CAs which impersonate large trusted CAs with good reputation to evade detection, are becoming emerging security threats," the researchers noted.

"Hidden root CAs of malware are built to intercept secure connections, thus their adoption of weak keys and insecure algorithms should not be considered a problem," the researchers pointed out, but self-built root CAs of enterprise networks and anti-virus software should comply with security requirements to prevent themselves from being compromised.

Finally, the researchers have offered a number of recommendations for developers of operating systems, browsers and legitimate software to minimize the risks associated with hidden root certificates.

News URL

https://www.helpnetsecurity.com/2021/11/19/hidden-root-cas-ecosystem/