Advertising tool PrivDog compromises HTTPS security
New cases of insecure HTTPS traffic interception are coming to light as researchers probe software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users’ PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo.
Over the weekend, a user reported on Hacker News that his system failed an online test designed to detect a man-in-the-middle vulnerability introduced by Superfish, a program preloaded on some Lenovo consumer laptops.
However, his system did not have Superfish installed. Instead, the problem was tracked down to another advertising-related application called PrivDog, which was built with the involvement of Comodo’s CEO, Melih Abdulhayoglu. New PrivDog releases are announced on the Comodo community forum by people tagged as Comodo staff.
PrivDog is marketed as a solution to protect users against malicious advertising without completely blocking ads. The program is designed to replace potentially bad ads with safer ones that are reviewed by a compliance team from a company called Adtrustmedia. As Abdulhayoglu puts it in a January 2014 post on his personal blog in which he describes the technology: “Consumers win, Publishers win, Advertisers win.”
However, according to people who recently looked at PrivDog’s HTTPS interception functionality, consumers might actually lose when it comes to their system’s security if they use the product.
In order to replace ads on websites protected with HTTPS (HTTP with SSL/TLS encryption), PrivDog installs its own self-generated root certificate on the system and then runs as a man-in-the-middle proxy. When users access HTTPS sites, PrivDog hijacks their connections and replaces the legitimate certificates of those sites with new ones signed with the locally installed root certificate.
Since the root certificate installed by PrivDog on computers is trusted by browsers, all certificates that chain back to it will also be trusted. This means that users will think that they’re securely speaking to the websites they accessed, while in the background, PrivDog will decrypt and manipulate their traffic.
That in itself is not a bad implementation. There are legitimate reasons for scanning HTTPS traffic and many security products use similar techniques to analyse encrypted traffic for potential threats.
No shared key
Unlike Superfish, PrivDog installs a different root certificate on every system, so there’s no shared private key that would allow attackers to generate rogue certificates. However, it turns out they don’t even need a shared key
The error in PrivDog’s implementation is simpler than that: The program doesn’t properly validate the original certificates it receives from websites. It will therefore accept rogue certificates that would normally trigger errors inside browsers and will replace them with certificates that those browsers will trust.
For example, an attacker on a public wireless network or with control over a compromised router could intercept a user’s connection to bankofamerica.com and present a self-signed certificate that would allow him to decrypt traffic. The user’s browser would normally reject such a certificate.