Apple, other browser manufacturers block certificate used for surveillance in Kazakhstan

Several browser makers, including Apple, have banned a root certificate that was being used by the Kazakh government to spy on its citizens.

The certificate was being used to intercept and decrypt HTTPS traffic from residents of Nur-Sultan, the capital of Kazakhstan. In dec. 6, the government forced local Internet service providers to block foreign websites unless users had the certificate installed on their devices.

Apple, Google, Microsoft and Mozilla banned the certificate from their respective browsers on Friday, it reported. That means Safari, Chrome, Edge, and Firefox have been patched, preventing the certificate from being used to perform major attacks in the middle that intercept user data.

As a justification for the certificate, Kazakh officials said they were conducting cybersecurity training in response to an increase in cyberattacks during the coronavirus pandemic.

The move by browser makers comes more than a year after they all blocked a similar government-required certificate in August 2019.