by noselasd 4498 days ago
This simply means that phone/tablet manufacturers together with carriers will pre-install and trust the proxy certificates of the carrier, without any end user consent.

This will easily allow the carriers to perform their duty of Lawful Interception


This is not a new security hole. Carriers can do this today and transparently MITM all current HTTPS traffic: no new risk is present.
Sure it is. The old way, you either

* get an alert when going to e.g. www.google.com as the carrier tries to hijack the session with a fake certificate.

* the carrier has their own versions of libraries/browsers/etc. installed on the phone that disable the certificate checks/alerts that would pop up when they hijack a session.

* the carrier has actually gotten hold of a certificate for www.google.com - which I'm sure is doable, but harder - and is thus able to perform a successful MITM attack.

With this approach, the carrier just needs to generate their own certificate, install it on the phone they sell, and can proxy any service they want without user alerts. A significantly lower entry bar.

The "old way" is actually to install a new CA on the device. Then the proxy can just dynamically create dummy certificates signed by that CA.

This is simple on the client and avoids any security warnings. It's supported in quite a few firewalls and even squid, so it would be very easy for a carrier to roll out tomorrow if they needed to.

Only with SIM locked phones for specific providers, I presume. Otherwise cert pinning will alert pretty quickly.