A study of the threat of forgery of certificates issued online

Abstract

Many online certificate-issuing services are being made available, and the use of those services has increased due to their convenience and diversification. However, development of new hacking techniques has introduced new threats to online certificate issuing services. In this study, we show that the data transmitted from an online certificate issuing server to output devices (such as a PC or printer) can be accessed by a hacker and modified into a false certificate and that the falsified document or certificates can be printed. In addition, we show that hackers can bypass forgery prevention software. Our findings show that the data located in the memory of an Internet browser that conducts the issuing of certificates can be accessed and manipulated, and that the forged certificate can be printed. We also determined that a forged certificate can be printed using the data located in the spool file.