Is my router trying to MITM my office365 connection?

I recently installed a new BT HomeHub6 router for my household internet connection. It's been less than 24 hours, and I'm seeing a warning pop up on my desktop computer occasionally regarding Outlooks' connection to my exchange service, hosted at office365. The error indicates that the certificate presented by the server (outlook.office365.com) is:

  1. Self-signed
  2. Does not have a subject that matches outlook.office365.com
  3. Is valid in terms of it's date

Diving deeper into the certificate, I can see that the self-signed certificate has the subject "CN=self-signedKey,O=Sagemcom Ca,C=FR". This is too much of a coincidence that I've just changed my router, and a router manufacturer is labeled in a certificate that's on an https session, in an attempt to MITM. Now this could be a MITM attack on a jump after my router (I don't think I have any way to investigate that), but browsing to the FQDN as a URL via my browser just redirects to the OWA login page, with no certificate warning.

It just seems scary to me that my router would even attempt to do a MITM or any sort of packet inspection with out my say-so. Or am I deeply naïve?! Is this normal? Or am I alone?

Selfsigned key error message

Showing the Subject for the nasty certificate

It also occurs to me that my https session with outlook.office356.com is using a public key far larger in size than the crumby 1024bit one being presented, so infact it's degrading the security of the tunnel.

Other than clicking on "No", is there any way for me to categorically distrust this certificate so that the warning never appears again?

4

1 Answer

I'm unable to comment due to low rep, but are you definitely sure you're using your private wifi, and not the FON/BTWifi connection? Sagemcom is the manufacturer of the HomeHub 6 and the software it runs, and I believe that for FON they use their own certificate for filtering. Also, see the answer here about DNS leaks. You may wish to change the DNS servers and try again. Finally, when accessing a site which has HSTS enabled (like Google Encrypted) see if you're blocked from accessing it.

3

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like