'Freak' SSL flaw affects mobile browsers, thousands of websites

News by Doug Drinkwater

Security researchers have discovered the latest SSL/TLS vulnerability, which leaves around 12 percent of all websites open to MiTM attacks and potential data loss.

Researchers from Microsoft Research, INRIA and IMDEA combined for the project with its subsequent SmackTLS.com website detailing how Freak (also known as 'Factoring Attack on RSA-EXPORT Keys' or CVE-2015-0204) can potentially be exploited to undermine the HTTPS encryption used to safeguard online communications.

News on the flaw emerged late on Tuesday and it has already been compared to the wide-spread Heartbleed and Poodle vulnerabilities, although no in-the-wild Freak attacks have been spotted yet.

The vulnerability was apparently introduced by a US government policy in the 1990s, which stipulated that exported encryption products would ship the weaker “export-grade” 512-bit encryption. According to the researchers, this cipher still appears on some TLS/SSL clients and servers, such as Open SSL (before version 1.0.1k) and  in Apple's SecureTransport . Subsequently, it affects both Apple and Google Android browsers, but not Chrome.

As a result, hackers could essentially force vulnerable clients and servers down to use this export-grade encryption (even though it's most likely disabled my default), at which point they could crack the encryption, and launch a Man-in-the-Middle (MiTM) attack to steal data, passwords or other sensitive information.

Around a quarter of websites, including the now-patched FBI and Whitehouse sites as well as Bloomberg, American Express and Groupon have been affected, while the NSA's website is also impacted. The agency allegedly introduced the flaw, numerous experts have said.

Apple will roll out a software upgrade including a fix next week, while experts warn against using Android's in-built browser. Google has alerted carriers and manufacturers.

“The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor. This was done badly. So badly, that while the policies were ultimately scrapped, they're still hurting us today,” cryptographer Matthew Green of Johns Hopkins University wrote in a blog post yesterday.

Gavin Millard, Tenable's technical director, EMEA , told SCMagazineUK.com that it's important: “Is Freak something we should all be freaking out about? I don't think so as it is far less of an issue than HeartBleed, but it is still worth taking note and fixing the issues where present. Similar to Poodle, the actual attack in the real world is difficult as it takes a number of steps to take advantage of. 

“An attacker has to break a 512bit cryptographic key and also have a method of breaking the session, man in the middle style, to steal data or inject malicious code. Unfortunately, due to the “export grade” cypher suites, breaking the key is far easier than it should be, taking a matter of hours and, according to research done by Nadia Heninger, $104 of EC2 time.

“We should also consider how easy it is to setup Man in the Middle attacks with weaknesses being discovered in home routers all the time, which could allow a persistent attacker to break the key, redirect traffic from swathes of home users towards a malicious system and inject code whilst the end user is blissfully unaware thinking they are secure as they have a "signed" and “valid” SSL/TLS cert.

“With all major bugs of this types, it is important that the affected systems are identified and updated when the patches are available to reduce the risk of this vulnerability being exploited. OpenSSL has a patch available now, the client updates should follow in the coming days.”

Keith Bird, UK MD for Check Point commented: “Even though the vulnerability affects a significant number of major websites worldwide, the risk to consumers and business users of their data being intercepted by a hacker exploiting it is minimal, as it would take a great deal of targeted effort to do so. 

“As the flaw affects the Safari browser on iPhones, iPads and Macs and Android's built-in browser, but not Google Chrome or the latest versions of Internet Explorer or Firefox, users can simply switch to a web browser that's not affected to mitigate any risk from this vulnerability.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews