Cyberoam’s Proactive Steps in HTTPS Deep Scan Inspection

Information on how Cyberoam has been proactively tackling the situation arising out of the TOR blog.

The Current Status
We have released an OTA (over the air) hotfix that has forcefully generated a unique CA certificate for each appliance. Customers can know their appliances have a unique CA if they see a “positive alert” on the appliance dashboard that informs about the change that has been done.

In case a customer does not see such an alert on the dashboard, it means that their appliance is vulnerable and they should change the default CA of the appliance using the CLI command meant for that purpose.

How it Unfolded
Within 24 hours of learning of the situation, an alert message was pushed to each UTM appliance which had SSL scanning enabled. This alert message was visible on the appliance dashboard, highlighting an existing command that generates a unique CA for the appliance (refer to the screenshot below).

Keeping in mind customers’ lack of awareness of this situation, Cyberoam then forcefully generated unique keys for all the remaining appliances. This means that every Cyberoam UTM appliance now has a unique CA, thus protecting the customers even if the private key is exposed willfully or by accident.

Sending out Further Notification
We are also proactively informing our customers through appliance alerts regarding these updates so that they can make the necessary changes in their user computers to safeguard against the leakage of the key.

Role of Unique CA Certificate
All customers who have a unique key will thus be safe as the unique key is appliance specific, with no copy of it anywhere, not even with Cyberoam. Once the customer generates his own unique CA certificate, the UTM appliance stops using the default CA certificate for SSL traffic inspection.

Cyberoam: Caught in the Spotlight
We, at Cyberoam, do understand the critical nature of this issue though we have been singled out and have been put into a situation that requires us to react urgently, keeping our customers’ best interest in mind.

This has also led us to a deeper introspection to make sure that we stand up to our commitments of providing the best to our customers.

Cyberoam: Taking it Positively
As a company, we are taking this as a positive pointer. These immediate changes (forcefully generating a unique CA) put our appliances at a better security level than the rest of the industry, which uses the same methodology of shipping a default CA with each appliance and is therefore at the same risk when providing HTTPS deep scan.

We think that the industry needs to react to this on an urgent basis so that a deeper crisis is averted.

We thank the researchers who drew our attention to the same.
