A number of browser makers, including Apple, have banned a root certificate that was being used by the Kazakhstan government to spy on its citizens.
Credit: Apple
The certificate was being used to intercept and decrypt HTTPS traffic from residents in Nur-Sultan, the capital citizen of Kazakhstan. On Dec. 6, local internet service providers were forced by the government to block foreign websites unless users had the certificate installed on their devices.
Apple, Google, Microsoft, and Mozilla on Friday banned the certificate in their respective browsers, ZDNet reported. That means Safari, Chrome, Edge, and Firefox have all been patched, preventing the use of the certificate to perform main-in-the-middle attacks intercepting user data.
As justification for the certificate, Kazakh officials said they were carrying out cybersecurity training in response to a spike in cyberattacks during the coronavirus pandemic.
The move by the browser makers comes more than a year after they all blocked a similar government-mandated certificate in August 2019.