Google Chrome 63 will warn you of man-in-the-middle attacks
Soon to be launched Chrome 63 will have a provision for detecting TLS interception or MiTM attack.
Google is currently testing a warning system that will notify users about man-in-the-middle (MiTM) attacks. Developed by Sasha Perigo, an intern at Google, this feature is currently being tried out in Google Canary, the early developer preview version of Chrome. This feature will enable users to identify any MiTM interference present in the network.
Keep in mind that some security programs such as antiviruses and firewalls also work on the same principle. This is called ‘SSL inspection.’ Unfortunately, cyber criminals use the same function to intercept and manipulate the data being sent between clients (PC) and servers.
A man-in-the-middle (MiTM) attack takes place when software or an application existing on a user’s computer or network intercepts that user’s traffic. The term ‘MiTM’ grabbed attention in 2015 when it was found that all Lenovo PCs had pre-installed adware that broke HTTPS connections. Users dealing with MITM software see a TLS/SSL error on their browsers. Usually, the users click through it and visit the page irrespective of the warning. But from now on, this is going to change. Once this feature is enabled in Chrome, users won’t be able to bypass the warning.
Sasha Perigo, former Google intern working on this feature provided the following details.
“For this error page we say a user has “misconfigured” software if they don’t have the root required for the MITM program.
We check the error code the certificate validator threw, and check fields on the missing cert to see if it’s MITM software.
This error page will only be shown to users who were already seeing SSL errors. If you’re not seeing SSL errors right now, you’re all good!”
If you have Chrome Canary, you can get a taste of this feature. Follow the steps below:
Step 1: Open Google Chrome Canary
Step 2: Go to the drop-down menu and click on Properties.
Step 3: Go to the Target field in the Shortcut menu. Copy and paste –enable-features=MITMSoftwareInterstitial after the path which starts with “C:\Users\….. ” leaving a space in between.
If you’re not seeing TLS/SSL errors on any pages, there’s no need to be concerned about this. The expected release date for Chrome 63 is December 5th, 2017 and this feature is expected to be a part of it.