'Freak' SSL flaw affects mobile browsers, thousands of websites
'Freak' SSL flaw affects mobile browsers, thousands of websites

Researchers from Microsoft Research, INRIA and IMDEA combined for the project with its subsequent SmackTLS.com website detailing how Freak (also known as 'Factoring Attack on RSA-EXPORT Keys' or CVE-2015-0204) can potentially be exploited to undermine the HTTPS encryption used to safeguard online communications.

News on the flaw emerged late on Tuesday and it has already been compared to the wide-spread Heartbleed and Poodle vulnerabilities, although no in-the-wild Freak attacks have been spotted yet.

The vulnerability was apparently introduced by a US government policy in the 1990s, which stipulated that exported encryption products would ship the weaker “export-grade” 512-bit encryption. According to the researchers, this cipher still appears on some TLS/SSL clients and servers, such as Open SSL (before version 1.0.1k) and  in Apple's SecureTransport . Subsequently, it affects both Apple and Google Android browsers, but not Chrome.

As a result, hackers could essentially force vulnerable clients and servers down to use this export-grade encryption (even though it's most likely disabled my default), at which point they could crack the encryption, and launch a Man-in-the-Middle (MiTM) attack to steal data, passwords or other sensitive information.

Around a quarter of websites, including the now-patched FBI and Whitehouse sites as well as Bloomberg, American Express and Groupon have been affected, while the NSA's website is also impacted. The agency allegedly introduced the flaw, numerous experts have said.

Apple will roll out a software upgrade including a fix next week, while experts warn against using Android's in-built browser. Google has alerted carriers and manufacturers.

“The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor. This was done badly. So badly, that while the policies were ultimately scrapped, they're still hurting us today,” cryptographer Matthew Green of Johns Hopkins University wrote in a blog post yesterday.

Gavin Millard, Tenable's technical director, EMEA , told SCMagazineUK.com that it's important: “Is Freak something we should all be freaking out about? I don't think so as it is far less of an issue than HeartBleed, but it is still worth taking note and fixing the issues where present. Similar to Poodle, the actual attack in the real world is difficult as it takes a number of steps to take advantage of.