In a troubling development, security researchers have discovered that a Microsoft-trusted certificate authority, Fina CA, mis-issued a total of 12 TLS certificates for Cloudflare’s 1.1.1.1 encrypted DNS lookup service. This discovery raises significant concerns, as these unauthorized certificates could be used to surreptitiously decrypt millions of users’ DNS queries.
Cloudflare has stated that it has not found any evidence of the certificates being used maliciously thus far. However, the mere existence of these unauthorized certificates poses a serious security risk: an attacker with access to the private keys could intercept and tamper with users’ DNS traffic, potentially redirecting those users to malicious sites. Fina CA has claimed the certificates were issued for internal testing, but by issuing them without Cloudflare’s consent it clearly violated protocols.
The incident underscores the critical importance of maintaining rigorous security measures and oversight within the certificate authority ecosystem. As the internet plays an increasingly central role in our daily lives, protecting the integrity of online infrastructure and user data must remain a top priority for both service providers and the organisations responsible for safeguarding secure communication.