Reports mention that Adobe is to rework its code-signing certificate process after discovering malware that was signed with the code. This incident – the latest in a series of certificate-related security compromises – will add unnecessary expense to most organisations hit by the incident. It appears that hackers accessed a compromised build server that was able to get code approval from the firm’s code-signing system.
It’s important to understand that code-signing certificates are essentially cryptographic identifiers that confirm that executable software originates from the author and can be allowed to execute. It’s a verification of trust – in much the same way that most people trust a policeman’s warrant card. As a result, certificate-based compromises are becoming as common as phishing attacks and malware infections.
Because the certificate verification process is automatic, the fact that there is a compromised certificate in active circulation places the integrity of an organisation’s IT security resource at risk. And whilst most companies will probably escape any problems, there are clear enrolment admin overhead and management costs for those companies that continue to rely on manual enrolment and revocation processes.
Adobe’s admission that one of its certificates has been hijacked is another example of why organisations that rely on this most basic trust technology need to have a strategy in place for quickly identifying, revoking and replacing them when they have been compromised.
Continuous maintenance of certificates and keys throughout all stages of their lifecycle – from request to secure generation, renewal and revocation – is critical functionality of a good key and certificate management system – either done manually or through an automated process. Given the string of certificate- and CA-related attacks, I strongly advise companies to evaluate management best practices and automated solutions.
While it’s good to hear that Adobe is revamping its code-signing certificate processes in the wake of this latest certificate compromise, the bottom line here is that the extra administration involved adds to the cost of remediating this hack – as well as eroding confidence in the certificate system itself.
Unfortunately, most organisations wait until a disaster strikes before taking action, hopefully this will serve as a wake-up call to all enterprises that there is simply no excuse for not having a remediation plan in place.