Gogo and SSL Certificates

Tags: Computer Science, security
Published: January 5, 2015
Author: Randall Hand
 
In a funny bit of coincidence, I'm currently on a Delta flight with Gogo wireless as I see this story about Gogo and SSL certificates break. The allegation is that Gogo is intercepting SSL traffic, decrypting, doing who-knows-what, then re-encrypting before delivering it to you. It's a pretty common practice in most companies where they want to monitor employee behavior, but it typically requires that someone installs a special root certificate on your machine. Otherwise, most modern browsers will throw all kinds of warnings and blocks about the site being untrusted.
So, I loaded up "SSL Detective" (a free iOS app) on my iPhone and went to work. My findings are interesting, but a bit weird.
Basically, all the usual stuff (Twitter, Facebook, Google, Gmail) was just fine. But video sites (YouTube, Vimeo, Crackle) all show up signed by this one strange cert.
 
It's a pretty strange thing to be analyzing, as there's probably no personal data going there (at least in comparison to decrypting Facebook or Gmail). My guess is that it's related to their desire to block streaming video sites.
From what I know, most Flash and JavaScript will die if they attempt to pull data and the certificate doesn't check out. So this is a mostly effective, albeit odd, way to block it. I don't know why they don't just rewrite the DNS entries somewhere with a warning banner ("Don't do this, be kind to your network-using neighbors") or just block the IP.
But I thought it interesting enough to share my findings.
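
The manual check described in this post, as an added Python example that is not part of the original post: compare the issuer of each site's certificate on the current network with issuers recorded earlier on a trusted network, and group the changed hosts by the issuer actually seen. Host names, issuer names and the sample data are constructed; the comparison only sees certificates that pass local validation, since an untrusted interception certificate makes the connection fail with a verification error, which is itself the signal.

```python
import socket
import ssl
from collections import defaultdict

def issuer_name(cert):
    """Issuer organization (or common name) from a getpeercert()-style dict."""
    fields = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return fields.get("organizationName") or fields.get("commonName") or "<unknown>"

def fetch_cert(host, port=443, timeout=5):
    """Live use: return the validated leaf certificate for host.
    A certificate that does not chain to a locally trusted root raises
    ssl.SSLCertVerificationError instead of returning."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def compare_to_baseline(observed, baseline):
    """Return {issuer seen: [hosts]} for hosts whose issuer differs from baseline.

    observed: {host: getpeercert()-style dict} from the network under test
    baseline: {host: issuer name} recorded on a trusted network
    Hosts with no baseline entry are skipped rather than guessed at.
    """
    changed = defaultdict(list)
    for host, cert in sorted(observed.items()):
        if host in baseline and issuer_name(cert) != baseline[host]:
            changed[issuer_name(cert)].append(host)
    return dict(changed)

def _cert(org):
    # Constructed certificate dict in the shape ssl returns for 'issuer'.
    return {"issuer": ((("countryName", "US"),), (("organizationName", org),))}

# Constructed sample data: two video hosts now share one unexpected issuer.
SAMPLE_BASELINE = {
    "mail.example": "Example Public CA",
    "video-a.example": "Example Public CA",
    "video-b.example": "Another Public CA",
}
SAMPLE_OBSERVED = {
    "mail.example": _cert("Example Public CA"),
    "video-a.example": _cert("Constructed Proxy CA"),
    "video-b.example": _cert("Constructed Proxy CA"),
    "new-site.example": _cert("Constructed Proxy CA"),  # no baseline, skipped
}

if __name__ == "__main__":
    for issuer, hosts in compare_to_baseline(SAMPLE_OBSERVED, SAMPLE_BASELINE).items():
        print(f"{issuer}: {', '.join(hosts)}")
```

Several unrelated hosts collapsing onto one issuer that none of them used before is the pattern reported here for the video sites.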