Komodia’s Founder, “Was Once a Programmer in Israel’s IDF’s Intelligence Core”

February 24th, 2015

It’s for the children.

Via: Forbes:

In a brief email conversation with Barak Weichselbaum, Komodia’s founder who was once a programmer in Israel’s IDF’s Intelligence Core, he said the company was not hiding behind DDoS claims and that the attack was real.

Why is Komodia now getting so much attention anyway? Because its hugely intrusive and poorly protected technology is found in many places on the web, according to Marc Rogers, principal security researcher at content delivery network CloudFlare. The technology can be found in various parental control software, including those made by Qustodio and the Israeli firm’s own “Keep My Family Secure” product, and in web filter products across the world. On Weichselbaum’s LinkedIn page, he says: “My biggest vision is to create a world where children can surf the internet safely, and I’m working to see this vision realized.”

Worryingly, it’s very easy to extract and use the encryption key run by Komodia, largely because the password to access all different versions of the certificate is “komodia”. That means malicious hackers can craft their own SSL certificates, which are supposed to guarantee trust, with the Komodia key. They can then intercept people’s internet connections, create fake versions of certain websites and steal their data, as long as targets’ computers trust the Komodia certificates.

“This means that those dodgy certificates aren’t limited to Lenovo laptops sold over a specific date range. It means that anyone who has come into contact with a Komodia product, or who has had some sort of Parental Control software installed on their computer should probably check to see if they are affected,” said Rogers.

“This problem is much bigger than we thought it was.”

Research Credit: Martin Luther
