The Indian Controller of Certifying Authorities (India CCA) has launched an investigation into the issue of unauthorized digital certificates to Google by the National Informatics Center Certifying Authority. Such a certificate could have been used to trick a service into thinking that a fake domain was legitimate.
In a blog post on its security blog, Google has stated that the unauthorized certificates were included in Microsoft's Root Store, meaning that a majority of Windows programs that use SSL would trust these certificates.
Exclusions include Firefox, which uses its own root store, and Chrome, which uses additional TLS/SSL security measures to safeguard users from unauthorized certificates. Furthermore, Google blocked these certificates in Chrome with a CRLSet push. Google also clarified that Chrome on other platforms, which include Chrome OS, Android, iOS and OS X was not affected as the Indian CCA certificates are not included in these root stores.
Google was in contact with the India CCA, which rolled out a subsequent CRLSet push to revoke the NIC certificates, rendering all NIC domains inaccessible. The NICAA has since ceased issuing digital certificates for the time being, and has the following message on its website:
Due to technical reasons, NICCA is not issuing certificates as of now. All operations have been stopped for some time and are not expected to resume soon. DSC application forms will not be accepted till operations are resumed and further instructions will be issued thereafter. Inconvenience caused is regretted.
Source: Google
Have you listened to this week's Android Central Podcast?
Every week, the Android Central Podcast brings you the latest tech news, analysis and hot takes, with familiar co-hosts and special guests.
We may earn a commission for purchases using our links. Learn more.
Review: Caseology’s Nano Pop is the best slim but sturdy Galaxy S21 case
There’s a mountain of Galaxy S21 cases out there for you to choose from, but Caseology finally brought over one of its iPhone-only series and it is 100% worth your attention and money. Make the S21 pop with bold colors and soft but secure grip.
How Google could improve Android apps for everyone, according to devs
When Android 12 finally arrives this fall, we want our favorite apps to be ready for it. There are a few ways Google could help make that happen.
Google Pixel 4a review, 6 months later: Still the best camera under $400
It turns out Google's "less is more" approach really fits well within the constraints of a less-expensive phone, and its strengths in software and camera processing stand out against less-refined competition. The Pixel 4a picks up right where the 3a left off, with better specs, the same great camera, and a $50 lower price.
Block ads, trackers and even some malware with the best Chrome ad blockers
Pop-ups, banners and video ads are at the very least annoying, but many also harbor malware. Here are some ad blockers to help cut through the noise.