Cyberoam fixes SSL snooping hole in network security appliances

Cyberoam issues a hotfix for UTM appliances after the default private key used for SSL traffic inspection gets leaked online

Network security hardware manufacturer Cyberoam issued an over-the-air (OTA) update for its unified threat management (UTM) appliances in order to force the devices to use unique certificate authority (CA) SSL certificates when intercepting SSL traffic on corporate networks.

The company was forced to issue the update after an anonymous user published on the Internet the SSL private key that all Cyberoam appliances use by default.

"As the private key has been leaked there are possibilities that it can be misused and hence we have taken an immediate action to release an OTA hotfix that changes the default CA and protects the customers," Abhilash Sonwane, senior vice president of product management at Cyberoam, said Monday via email.

After the hotfix is applied, each individual appliance will have its unique CA certificate. Customers should see a notification about the CA certificate being changed on the administration dashboard of their devices, Sonwane said.

If for some reason the update failed and the alert is missing from the dashboard, customers can generate their own unique CA certificates using the command line interface, an option that has always been available to them.

Tor Project researcher Runa A. Sandvik and Google software security engineer Ben Laurie revealed on July 3 that all Cyberoam appliances with SSL traffic inspection capabilities had been using the same self-generated CA certificate by default. This made it possible "to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device - or, indeed, to extract the key from the device and import it into other DPI [deep packet inspection] devices, and use those for interception," the researchers wrote in a security advisory.

Cyberoam admitted in a customer support article published on Thursday that all of its appliances used the same default CA certificate. However, the company denied at the time that the private key corresponding to this certificate can be exported from the devices.

Businesses are interested in inspecting the SSL traffic on their networks for a variety of reasons, including the detection of potential data leaks and malware activity.

Network security appliances like those produced by Cyberoam achieve this by launching man-in-the-middle attacks every time network computers send requests to SSL-enabled domain names.

They intercept the requests and establish encrypted channels with the destination servers. They then generate rogue SSL certificates for the remote domains, sign them with their own self-generated CA certificates, and serve those back to the network computers.

This establishes SSL bridges that allow them to inspect what should otherwise be private communications between network endpoints and remote servers. In order to avoid any certificate errors being displayed on the endpoint computers, network administrators have to first install the self-generated CA certificates in their trusted certificate stores.

Sonwane feels that Cyberoam has been singled out in this case. The whole industry uses the same methodology of shipping a default CA certificate with appliances that are capable of performing SSL traffic inspection, he said.

"As a company, we are taking this on a positive note, as these immediate changes (of forcefully generating a unique CA) are putting our appliances at a greater security level than the rest of the industry that does HTTPS deep scan," he said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?