According to a study published by the University of Michigan, it allows the Kazakh government to carry out "middleman" or MitM attacks on HTTPS connections with 37 domain names, including Facebook, Twitter and Google. Typically, HTTPS websites are encrypted in such a way that third parties, including ISPs, cannot access them. For Kazakhstan, the MitM attack broke the encryption mechanism of these websites and allowed free surveillance of private Internet activities.
After the action is completed, the most popular Chrome and Firefox browsers will ban illegal certificates. Mozilla will use OneCRL to block Kazakhstan's root certificate, which Firefox has used to revoke since 2015. Previously, the intelligence of users accessing the Internet in KazakhstanMobile phoneOr the computer will receive a message asking them to install the root certificate.
Now, when Firefox detects certificates in Kazakhstan, it will block connections and display error messages. Chrome will also block the certificate. In addition, it adds this rule to the blocking list in Chromium source code and will be included in other Chromium-based browsers in the future.
Since Kazakhstan stopped requiring users to install certificates a few weeks ago, it now seems unnecessary. Kazakhstan's government stopped deploying its surveillance certificates earlier this month after facing legal challenges, as a group of Kazakh lawyers sued three mobile operators for restricting Internet access, Reuters reported. In response, the National Security Council of Kazakhstan issued a statement calling the certificate launch a "test" and has now been completed.
Mozilla acknowledged that the company had known that Kazakhstan had completed the test. However, if a certificate is installed, users may still be vulnerable to attack. "Although the government's test is clearly over, the mechanism that it can use to monitor network traffic still exists. And some users may still have this malicious certificate installed. These users are still very vulnerable, even if the attack does not continue, we do not wait for the vulnerability to be reused, will try to solve it directly.Mozilla also said that it would continue to monitor the actions of the Kazakh government and would take further action when similar certificates were issued in the future.