Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet

The holder of the 1.1.1.1 certificates could potentially use them in active adversary-in-the-middle attacks that intercept communications passing between end users and the Cloudflare DNS service, Ryan Hurst, CEO of Peculiar Ventures and a TLS and public key infrastructure expert, told Ars.

“Doing so would require a BGP hijack to trick your host to think your [rogue] 1.1.1.1 was the one I should connect to,” he explained. BGP, short for Border Gateway Protocol, is the routing protocol that links the regional networks scattered around the world, known as Autonomous Systems, to each other. By feeding false route announcements into that system, attackers regularly take control of legitimate IP addresses, including those belonging to telecoms, banks, and Internet services.

As several Ars commenters have noted, there are likely many other ways an attacker could exploit the certificates to mount an adversary-in-the-middle attack.

From there, attackers with possession of the 1.1.1.1 certificates could decrypt, view, and tamper with traffic from the Cloudflare DNS service, Hurst said. He added that Cloudflare’s WARP VPN service may also be similarly affected.

Wednesday’s discovery exposes key failures of the public key infrastructure that’s responsible for ensuring trust across the entire Internet. The certificates it issues are the only thing ensuring that gmail.com, bankofamerica.com, irs.gov, and any other sensitive website is controlled by the entity claiming ownership.

Given the pivotal role of certificates, CAs are required to provide the IP addresses they used to verify that a party applying for a certificate controls the address they want covered. None of the three certificates provides that information. The incident also reflects poorly on Microsoft for failing to catch the mis-issued certificate and allowing Windows to trust it for such a long period of time.

Also at partial fault are Cloudflare and the PKI stakeholders at large, since all issued certificates are published to a publicly available transparency log. The purpose of the log is to quickly identify mis-issued certificates before they can be actively used. The public discovery of the certificates four months after they were issued suggests the transparency logs didn’t receive the attention they were intended to get.
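The monitoring the paragraph above says was missing is simple to automate: watch the transparency logs for any certificate that names an identifier you own and was issued by a CA you did not authorise. The following is an added example, not code from the article or from Cloudflare; the CA names, the log records and the policy table are constructed.

```python
import ipaddress
from dataclasses import dataclass
from datetime import date

@dataclass
class CtEntry:
    """One certificate as it might be read from a Certificate Transparency log."""
    issuer_org: str       # organisation name of the issuing CA
    sans: list            # subjectAltName values: dNSName or iPAddress strings
    not_before: date      # start of the validity period

# Policy: for each identifier you own (an IP range or a DNS name), the set of
# CA organisations that should ever issue certificates for it.
# CA names are hypothetical, constructed for this example.
POLICY = {
    "1.1.1.0/24": {"Example Trusted CA"},
    "one.one.one.one": {"Example Trusted CA"},
}

def _matches(san, monitored):
    """True if a SAN value falls inside a monitored IP range or equals a monitored name."""
    try:
        net = ipaddress.ip_network(monitored, strict=False)
    except ValueError:                      # monitored value is a DNS name
        return san.lower().rstrip(".") == monitored.lower()
    try:
        return ipaddress.ip_address(san) in net
    except ValueError:                      # SAN is a DNS name, monitored is a range
        return False

def find_misissued(entries, policy=POLICY, today=None):
    """Return (entry, offending SANs, days since issuance) for every certificate
    that names a monitored identifier but came from a CA outside the policy."""
    today = today or date.today()
    alerts = []
    for entry in entries:
        offending = sorted({san for san in entry.sans
                            for monitored, allowed in policy.items()
                            if _matches(san, monitored) and entry.issuer_org not in allowed})
        if offending:
            alerts.append((entry, offending, (today - entry.not_before).days))
    return alerts

# Constructed sample log records: one legitimate, one mis-issued, one unrelated.
SAMPLE_ENTRIES = [
    CtEntry("Example Trusted CA", ["one.one.one.one", "1.1.1.1"], date(2025, 1, 10)),
    CtEntry("Some Other CA", ["1.1.1.1", "example.net"], date(2025, 5, 1)),
    CtEntry("Some Other CA", ["example.com"], date(2025, 6, 1)),
]

if __name__ == "__main__":
    for entry, sans, age in find_misissued(SAMPLE_ENTRIES, today=date(2025, 9, 3)):
        print(f"ALERT: {entry.issuer_org} issued for {sans}; unnoticed for {age} days")
```

In practice the entries would come from a CT log or a CT search service and the age field is what turns a quiet mis-issuance into a measurable detection gap.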
