'In-flight wi-fi provider injects fake SSL certificate'

Gogo, a provider of in-flight internet in the United States, intercepts connections to Google using a fake SSL certificate. This is probably done to restrict streaming. It is unknown whether this always happens and whether other websites are also affected.

A member of the Google Chrome security team noticed the injection of the fake certificate when she herself was on a flight. She noted that Gogo injected its own certificate for domain names that end in '.google.com'. As a result, users can no longer trust that they have a secure, direct connection to Google's servers without Gogo watching.

The Google employee suspects that the fake certificate is injected in order to restrict streaming; users can stream music and movies from play.google.com. "But there are better ways to do this", she wrote on Twitter.

It is not known whether Gogo also injects its own certificate into connections with other sites that generate a lot of traffic through streaming, such as YouTube and Spotify. It is also not known whether Gogo always intercepts traffic or, for example, only when the speed of the connection is degraded by streaming users. Gogo has not yet responded to the allegations.

It is not the first time that fake certificates have been issued. Technically, this is possible whenever a certificate authority can be found that is willing to cooperate: there are no technical measures that prevent certificates from being issued for other people's domain names. However, the impact is limited by certificate pinning in Google Chrome: the browser records which certificate authorities may issue certificates for a number of domain names, including those of Google. If a different certificate authority issues a certificate for Google, the browser raises an alarm, which is what happened in this case.
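
The pinning check described above, as an added example that is not part of the original article and not Chrome's own code. It is a simplified model: the pin set, the function names and the byte strings standing in for each certificate's public key are all constructed for illustration.

```python
import base64
import hashlib

# Constructed stand-ins for the DER-encoded SubjectPublicKeyInfo of each
# certificate; a real client would extract these bytes from the X.509 chain.
PINNED_CA_SPKI = b"constructed-spki:pinned-root-ca"
PROXY_CA_SPKI = b"constructed-spki:inflight-proxy-ca"
LEAF_SPKI = b"constructed-spki:leaf"


def spki_pin(spki_der: bytes) -> str:
    """Return the base64 SHA-256 digest used as the pin for a public key."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


# Hypothetical pin set: domain -> (include subdomains?, allowed key pins).
PINSET = {
    "google.com": (True, {spki_pin(PINNED_CA_SPKI)}),
}


def pins_for(hostname: str):
    """Find the pins that apply to hostname, or None if it is not pinned."""
    host = hostname.lower().rstrip(".")
    labels = host.split(".")
    # Walk from the full name up through its parent domains, label by label,
    # so "evilgoogle.com" never matches the "google.com" entry.
    for i in range(len(labels)):
        entry = PINSET.get(".".join(labels[i:]))
        if entry and (i == 0 or entry[0]):
            return entry[1]
    return None


def check_chain(hostname: str, chain_spkis: list) -> str:
    """Classify a chain that has already passed normal validation."""
    pins = pins_for(hostname)
    if pins is None:
        return "not-pinned"  # pinning offers no protection for this host
    if pins & {spki_pin(s) for s in chain_spkis}:
        return "ok"
    return "pin-violation"  # chain has no pinned key: raise the alarm


if __name__ == "__main__":
    for host, chain in [
        ("play.google.com", [LEAF_SPKI, PINNED_CA_SPKI]),
        ("play.google.com", [LEAF_SPKI, PROXY_CA_SPKI]),
        ("example.org", [LEAF_SPKI, PROXY_CA_SPKI]),
    ]:
        print(host, check_chain(host, chain))
```

The third case shows the limit of the mechanism: a host without an entry in the pin set gets no alarm, even when the same intercepting authority signed the chain.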

