Gmail Users in Iran Hit by MITM Attacks

Gmail users in Iran might have been affected today, based on several reports suggesting that connections were being hit by Man In The Middle(MITM) attacks.

I first spotted this notice on Hacker News where the submission had a link to  containing details of the affected root server  certificate. Google has since then confirmed the attempted attack on their blog.

Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran.

MITM or Man-In-The-Middle attacks are one of the most sophisticated attacks, where a third party can effectively eavesdrop & monitor all  communication  between two parties, without either of the parties knowing that they are being eavesdropped upon. In case of sites using SSL, such as Gmail – the attacker was able to get hold of a fraudulent certificate which is used for encrypting.

The certificate was issued by DigiNotar. Chrome users (on version 13 and above) were alerted of the fraudulent certificate by virtue of an inbuilt security feature called certificate pinning. Certificate Pinning  maintains a whitelist of verified root Certificate Authorities which are trusted by Chrome in creating a connection to and Google accounts in general. Since DigiNotar was not in the whitelist of  verified CAs, Chrome displayed an error message about the certificate being invalid


Chrome shows Invalid Certificate message

Mozilla have responded by pushing an update to Firefox which revokes the certificate’s trust. As a result of this, if a user visits the site presenting the fraudulent certificate,  the user would be informed that the connection is not secure. Mozilla has also updated their knowledge base with an article showing steps involved in revoking the certificate.



Published by

Sathya Bhat

Sathyajith aka "Sathya" or "cpg" loves working on computers, and actively participates in many online communities. Sathya is a Community Moderator on Super User, a collaboratively maintained Q&A site which is part of the Stack Exchange network. Sathya also contributes to and is a Super Moderator at Chip India Forums. While not writing SQL queries or coding in PL/SQL, Sathya is also a gamer, a Linux enthusiast, and maintains a blog on Linux & OpenSource. You can reach Sathya on twitter.