Researchers discover ‘FREAK’ software security flaw, Apple says fix is coming soon

A newly disclosed attack dubbed ‘FREAK’ (“Factoring attack on RSA-EXPORT Keys”), which takes advantage of a weakness in SSL/TLS dating back to the 1990s, will be patched soon by Apple.

It stems from U.S. export controls of that era, which barred companies from shipping strong encryption in the products they exported. Companies instead had to offer “export-grade” products whose encryption was deliberately weakened (RSA keys were capped at 512 bits) so that they could be sold abroad. Those export cipher suites were never removed from the protocol, and many servers and clients still support them today.

An attacker sitting between a browser and a website can exploit this by tampering with the handshake: the attacker tells the server that the client wants an export-grade cipher suite, the server responds with a temporary 512-bit RSA key, and a client with the flaw accepts that key even though it never asked for export encryption. Once the attacker has factored the 512-bit key, the attacker can read and alter the supposedly secure traffic, and because servers often reuse the same export key for long periods, one factoring job pays off against many connections. The researchers believe these attacks could grow as hackers use the downgrade to go after major entities and websites.

In the researchers’ test, factoring one export-grade 512-bit RSA key took about seven hours, and more than a quarter of encrypted websites were found to still accept export-grade cipher suites.
“We thought of course people stopped using it,” said Karthikeyan Bhargavan, a researcher at the French computer science lab INRIA whose team initially found the problem during testing of encryption systems. Nadia Heninger, a University of Pennsylvania cryptographer, said, “This is basically a zombie from the ’90s… I don’t think anybody really realized anybody was still supporting these export suites.”
According to the researchers’ website, vulnerable clients are not limited to the many Google and Apple devices whose TLS libraries have not yet been patched; they also include a large number of embedded systems and “many other software products that use TLS behind the scenes without disabling the vulnerable cryptographic suites.”
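
The handshake manipulation described above comes down to two checks a TLS client must make: did the server pick a cipher suite the client actually offered, and, for a plain RSA suite, did the server send a ServerKeyExchange message it has no business sending? The following is an added example, not code from the article or from the FREAK researchers: it parses a minimal ServerHello to see which suite a server selected (the scanner view, useful for the “software that uses TLS behind the scenes” case), and models a client that either enforces the second check or, like the flawed clients, accepts a 512-bit RSA key it never asked for. The handshake bytes, the 2048-bit certificate key size and the 512-bit export key size are constructed values; the cipher suite IDs are from the IANA TLS registry.

```python
"""Added example: parse a TLS ServerHello and model the client-side check
whose absence made the FREAK downgrade work. All bytes are constructed."""
import struct

# Cipher suite IDs from the IANA TLS registry. RSA_EXPORT suites deliver a
# 512-bit (or weaker) RSA key in a ServerKeyExchange message.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
# Plain RSA key transport: the certificate key is used directly, so the
# handshake must NOT contain a ServerKeyExchange message at all.
RSA_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}


def build_server_hello(cipher_suite, version=(3, 3)):
    """Construct a minimal ServerHello handshake message (no extensions)."""
    body = bytes(version) + b"\x11" * 32        # protocol version + fixed 'random'
    body += b"\x00"                             # empty session_id
    body += struct.pack(">H", cipher_suite)     # the suite the server selected
    body += b"\x00"                             # null compression method
    return b"\x02" + len(body).to_bytes(3, "big") + body  # type 2 = ServerHello


def parse_server_hello(msg):
    """Return the cipher suite chosen by the server; raise on malformed input."""
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length or length < 35:
        raise ValueError("truncated ServerHello")
    sid_len = body[34]                          # version(2) + random(32) precede it
    pos = 35 + sid_len
    if pos + 3 > len(body):                     # suite(2) + compression(1)
        raise ValueError("truncated ServerHello")
    return struct.unpack(">H", body[pos:pos + 2])[0]


def export_suite_name(server_hello):
    """Scanner view: name of the RSA_EXPORT suite the server picked, else None."""
    return RSA_EXPORT_SUITES.get(parse_server_hello(server_hello))


def client_negotiate(offered, server_hello, server_kx_modulus_bits=None,
                     cert_key_bits=2048, strict=True):
    """Model a client's reaction to ServerHello plus an optional ServerKeyExchange.

    offered: suite IDs the client listed in its ClientHello.
    server_kx_modulus_bits: RSA modulus size carried in a ServerKeyExchange,
        or None if the server sent no such message.
    strict=True is a correct client; strict=False reproduces the state-machine
    flaw FREAK relied on: accepting an RSA key the client never asked for.
    Returns (accepted, detail) where detail is the RSA modulus size the client
    would encrypt the premaster secret with, or a rejection reason.
    """
    suite = parse_server_hello(server_hello)
    if suite not in offered:
        return False, "server chose a suite the client did not offer"
    if suite in RSA_EXPORT_SUITES:
        # The client itself asked for export crypto: weak by design, no bug needed.
        return True, server_kx_modulus_bits
    if suite in RSA_SUITES:
        if server_kx_modulus_bits is None:
            return True, cert_key_bits              # normal RSA handshake
        if strict:
            return False, "unexpected ServerKeyExchange in RSA suite"
        return True, server_kx_modulus_bits         # vulnerable: uses the 512-bit key
    return False, "cipher suite not modelled"


if __name__ == "__main__":
    # The MITM scenario: the ServerHello the client sees names the strong suite,
    # but a ServerKeyExchange with a 512-bit RSA key arrives anyway.
    hello = build_server_hello(0x002F)
    print("scanner:", export_suite_name(build_server_hello(0x0003)))
    print("strict client:", client_negotiate({0x002F}, hello, 512))
    print("flawed client:", client_negotiate({0x002F}, hello, 512, strict=False))
```

The `strict=False` branch is the whole story: a client that lets a ServerKeyExchange through in a plain RSA suite ends up encrypting its premaster secret to a key the attacker can factor in hours, while the strict client aborts the handshake. Servers that answer `export_suite_name` with anything but `None` when probed with an export-only ClientHello are the other half of the problem and should have those suites disabled.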

The original report points out that this vulnerability is a textbook example of what happens when governments mandate weakened encryption, which a number of federal officials have recently suggested should happen again for encryption on mobile devices from companies like Apple.

What do you think?
