Is AT&T wiretapping?

I was at a store that had an AT&T wifi spot within range. Being an AT&T phone, my phone connected. I went to use Google from Chrome, typing in a search, not google.com then search. I was presented with a screen saying there was a certificate issue.


I disconnected from wifi and used 4g without an issue. What does this mean then?

1 Like

Without more info, like looking at details on the certificate, someone is doing a bad man-in-the-middle attack.
To intercept HTTPS, they need to be able to create certificates that look like they come from Google, using a certificate authority you already trust. If you don't already trust that certificate authority, or they did a poor job spinning up the certificate, you get errors like this.
I assume you aren't joining their corporate network by accident, in which case you would need their corporate CA installed.
More than likely, someone has set up a wifi, called it AT&T (you can call your wifi whatever you want), and is hoping to steal information.

2 Likes

that is a normal chrome block screen... press advanced and continue

they picked this up from the military. we used it for a very long time

just a tip. start using an onion service when you connect to public wifi. esp me being from a very large city. I don't trust anyone. I've seen a homeless guy on kali @ starbucks. I shit you not...

2 Likes

I would compare the cert with the actual Google cert.

Like the others say, this might be a terrible MITM attack.

It's not necessarily an attack or wiretapping, but yes, operators do this kind of crap, modifying web pages, inserting tracking elements or frames and scripts (I know my mobile provider does this to provide in-browser "customer portal" functionality, showing stuff like account balance and such. Thankfully, it allows opting out of this "feature"). To do this to SSL connections, it has to substitute the certificate, which is why your browser raises a red flag.

I wouldn't consider this ok, because all your encrypted traffic is being skimmed over in real time. It shouldn't be the norm that this happens on your phone, no matter how it is being sold to you by your carrier.
What is the worst that could happen though? I guess it just means they can read the content of any webpages you go to, stuff you write in etc. Bank details, shopping habits, read your email.

1 Like

The problem is with that network. It has been there for years, just always slow. This is a new problem. I was thinking something got messed up, revealing their wiretapping actions.

That's far from normal for google.com and chrome. Google automatically installs all safe certs into Chrome (they did this after the DigiNotar hack so it's been a while) so as to avoid MITM attacks and such.

@RotatingFans I'm gonna say you probably connected to a rogue hotspot or they injected their own cert. Did you have to agree to any terms and conditions before browsing?

No. Att broadcasts wifi at most of their towers free to use for all customers.

Can I just answer this with "No"? Have you never gotten this chrome message before?

Ah that's right, I recently started using ATT and my phone automatically connected to WIFI at a McDonalds. It kinda freaked me out so I went into airplane mode. I guess that was that feature. I wonder if I can rogue that connection....

It might be one of those networks that need a sign in. I've had my phone come up with a bad cert alert on chrome when connecting to google, but because the wifi wanted me to do a terms agreement to use it or a sign in. Google.com is weird as in it would give me that error, but if I went to any other site it would forward me to the sign in.

2 Likes

I could access the Internet from the wifi as I went to my email and clicked on a link to an article. I believe it was just Google or just https connections, I did not fully test.
@Schyken I have gotten this message before. Never on a site like google.com, never under normal conditions. This was related to the network connected to "attwifi", which all att phones are configured to connect to automatically.

Ah, I see. I guess I'm a bit overaccustomed to it. I get that message using my school wi-fi on anything from google.com, bing.com to youtube search results even though youtube itself comes up no problem. :P attwifi spots are a bit fidgety :3

This can be fine on a school wifi, corporate lan or something else, where they need to ensure kids aren't looking at porn, and to maintain security. That would be understandable.

Chrome does certificate pinning, where it ensures certificates for google domains are the original ones they generated. This is probably why you are getting these messages.
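What a pin comparison of the kind mentioned in this thread (comparing the presented cert with the real one, and pinning as a built-in check) looks like in practice, as an added example that is not from any poster: it hashes the certificate's public-key block (SubjectPublicKeyInfo) and checks it against known-good hashes. `tlv` and `toy_cert` are hypothetical helpers that build constructed, unsigned certificate skeletons so the block runs offline.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short-form length
        start, length = pos + 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        start = pos + 2 + n
        length = int.from_bytes(buf[pos + 2:start], "big")
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + length

def spki_der(cert_der):
    """Return the SubjectPublicKeyInfo element of a DER X.509 certificate."""
    _, cert_start, _ = read_tlv(cert_der, 0)            # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(cert_der, cert_start)    # tbsCertificate SEQUENCE
    fields = []
    while pos < tbs_end:
        tag, _, end = read_tlv(cert_der, pos)
        if tag != 0xA0:                   # skip the optional [0] version wrapper
            fields.append(cert_der[pos:end])
        pos = end
    if len(fields) < 6:
        raise ValueError("not an X.509 tbsCertificate")
    return fields[5]   # after serial, sig alg, issuer, validity, subject

def spki_pin(cert_der):
    """Base64 SHA-256 of the SPKI, the 'pin-sha256' form of a key pin."""
    return base64.b64encode(hashlib.sha256(spki_der(cert_der)).digest()).decode()

def pin_ok(cert_der, pinned):
    return spki_pin(cert_der) in pinned   # a substituted key never matches

def tlv(tag, value):
    """DER-encode one element; used only to build the constructed samples."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def toy_cert(key):
    """Constructed, unsigned certificate skeleton holding the given key bytes."""
    spki = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + key))
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 4 + spki
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

For a live comparison, the DER input can come from `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))`, fetched once on the suspect wifi and once on a network you trust.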

Hmm, so your phone automatically connects to certain wifis? Is it using a certificate or something to authenticate, or are they open ones? That's kind of dodgy, and would be easy to exploit!

It's not necessarily AT&T, if it's a public network it's very easy for another person on that network to force all traffic through their machine. Basically, if you're on a public network and you get this error, then someone is looking at your traffic.

2 Likes

and even if they did so they should be smart enough to grab a cert from Let's Encrypt.. they are so easy to grab lol

All internet traffic in the US routes through government run storage and analysis facilities anyway sooooooo.

1 Like

Not for google.com you can't, hard to prove you own that domain. There are some dodgy certificate authorities that can be fooled into giving you certificates for things you don't own. Hopefully they all get shut down and pulled from certificate stores. StartSSL was one, from memory.

And yeah, I guess some governments do MITM the whole country en masse. Personally I'm not too worried about that. That won't intercept things with end-to-end encryption.

1 Like