Apple, Android Scramble to Fix Browsers Open to 'FREAK Attack'

Discussion in 'Technical' started by stg58, Mar 4, 2015.

  1. stg58

    stg58 Monkey+++ Founding Member

    Apple, Android Scramble to Fix Browsers Open to 'FREAK Attack'
    SAN FRANCISCO (AP) — Millions of people may have been left vulnerable to hackers while surfing the web on Apple and Google devices, thanks to a newly discovered security flaw known as "FREAK attack."

    There's no evidence so far that any hackers have exploited the weakness, which companies are now moving to repair. Researchers blame the problem on an old government policy, abandoned over a decade ago, which required U.S. software makers to use weaker security in encryption programs sold overseas due to national security concerns.

    Many popular websites and some Internet browsers continued to accept the weaker software, or can be tricked into using it, according to experts at several research institutions who reported their findings Tuesday. They said that could make it easier for hackers to break the encryption that's supposed to prevent digital eavesdropping when a visitor types sensitive information into a website.

    About a third of all encrypted websites were vulnerable as of Tuesday, including sites operated by American Express, Groupon, Kohl's, Marriott and some government agencies, the researchers said. University of Michigan computer scientist Zakir Durumeric said the vulnerability affects Apple web browsers and the browser built into Google's Android software, but not Google's Chrome browser or current browsers from Microsoft or Firefox-maker Mozilla.
  2. melbo

    melbo Hunter Gatherer Administrator Founding Member

  3. melbo

    melbo Hunter Gatherer Administrator Founding Member

    From Ivan Ristic: Qualys SSL Labs

    This week brought us the disclosure of the so-called FREAK attack [1],
    whose name stands for Factoring RSA Export Keys. At first glance,
    it seemed that FREAK is just a practical exploit for CVE-2015-0204 [2],
    which is a problem with OpenSSL announced back in January this year.
    Matthew Green has a good post describing the problem [3], but we'll
    get back to that later. Now that a couple of days have passed, it turns
    out that the problem is much bigger and that all major browsers except
    Firefox were or are still vulnerable to the same problem, even those
    browsers that don't rely on OpenSSL. Chrome, Internet Explorer, Opera,
    and Safari were all reported vulnerable.

    To understand the problem we need to go back many years, to the time
    now long past when the US wouldn't allow export of strong encryption.
    This led to the creation of so-called export cipher suites, which are
    limited to 512 bits of security. Back then (about two decades ago),
    512 bits was somewhat weak-ish, but certainly not within easy reach of
    many. Today, of course, it's a different story -- it can be broken
    within hours, and for as little as $100. [3]

    To support export cipher suites, servers have to create and use
    short-lived 512-bit RSA keys, even when normally using stronger keys
    (1024 bits originally, 2048 bits these days). The FREAK attack exists
    for three reasons. First, these 512-bit keys can now be broken by
    anyone in a matter of hours, and second, some servers keep these
    "short-lived" keys around for a very long time. What this means is
    that servers that support export suites are effectively willing to
    downgrade to only 512 bits of security.

    But that isn't enough. Modern clients don't support export suites any
    more, which means there's no one to ask to use these weak security
    levels. That's where CVE-2015-0204 comes in. This problem "makes"
    vulnerable clients accept weak 512-bit RSA keys even when they don't
    ask to use export cipher suites and even if they don't support them!
    Normally, a server wouldn't do that, but an active network attacker

    This has two practical consequences. First, an active network attacker
    can downgrade any connection to only 512 bits of security, if the
    conversation is between a server that supports export suites and a
    vulnerable client. This means that even if the attacker can't break
    the 512-bit key straight away, she can record the conversation and
    break the key later... but only a matter of hours later.

    With servers that reuse these weak keys, it gets worse. An attacker can
    retrieve the key by connecting to the server, break the key, then mount
    an active network attack that allows her to intercept traffic (with a
    vulnerable client) in real time.

    What can you do about this? If you're running a secure server, make
    sure that you're not supporting export cipher suites. If you're not
    sure, test with the SSL Labs server test [4]. To protect yourself,
    upgrade your browser as soon as your vendor releases a patch.
    OpenSSL was fixed in January, Chrome on OSX this week. If we're lucky,
    the remaining browsers might be patched next week. To test your browser,
    visit the SSL Labs client test [5].

    You can find further information on the web site maintained by the
    University of Michigan [6].

    [1] SMACK: State Machine AttACKs against TLS (SMACK TLS)
    [2] CVE-2015-0204
    [3] Matthew Green, A Few Thoughts on Cryptographic Engineering: "Attack of the week: FREAK (or 'factoring the NSA for fun and profit')"
    [4] Qualys SSL Labs: SSL Server Test
    [5] Qualys SSL Labs: SSL Client Test
    [6] Tracking the FREAK Attack (University of Michigan)
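Added example, not from Ristic's post or anyone in this thread: a small Python checker for the handshake symptom Ristic describes, i.e. a ServerHello that selects an export-grade suite (or any suite the client never offered) after a ClientHello that offered only strong suites. The ClientHello/ServerHello bytes are constructed inline for illustration, not captured from a real server; the suite IDs come from RFC 2246.

```python
import struct
# Export-grade (512-bit RSA/DH) suites from RFC 2246 Appendix A.
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5", 0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}

def _handshake_body(record):
    """Strip the 5-byte record header and 4-byte handshake header; return (type, body)."""
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    if ctype != 22 or len(record) < 5 + rlen: raise ValueError("not a complete TLS handshake record")
    hs = record[5:5 + rlen]
    return hs[0], hs[4:4 + int.from_bytes(hs[1:4], "big")]

def client_hello_suites(record):
    """Cipher suites the client offered (ClientHello: version, random, session_id, suites)."""
    hs_type, body = _handshake_body(record)
    if hs_type != 1: raise ValueError("expected ClientHello")
    pos = 2 + 32                      # client_version + random
    pos += 1 + body[pos]              # session_id length + session_id
    count = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    return [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, count, 2)]

def server_hello_suite(record):
    """Cipher suite the server selected (ServerHello: version, random, session_id, suite)."""
    hs_type, body = _handshake_body(record)
    if hs_type != 2: raise ValueError("expected ServerHello")
    pos = 2 + 32 + 1 + body[2 + 32]   # skip version, random, session_id
    return struct.unpack("!H", body[pos:pos + 2])[0]

def check_freak(client_hello, server_hello):
    """Flag the two FREAK symptoms: an export suite, and a suite the client never offered."""
    offered = client_hello_suites(client_hello)
    chosen = server_hello_suite(server_hello)
    findings = []
    if chosen in EXPORT_SUITES:
        findings.append("server selected export suite " + EXPORT_SUITES[chosen])
    if chosen not in offered:
        findings.append("server selected suite 0x%04x that the client never offered" % chosen)
    return findings

def _record(hs_type, body):  # wrap a handshake body in TLS 1.0 handshake/record headers
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
# Constructed sample handshake (not a real capture): client offers AES suites 0x002F/0x0035 only.
CLIENT_HELLO = _record(1, b"\x03\x01" + b"\x11" * 32 + b"\x00" + b"\x00\x04\x00\x2f\x00\x35" + b"\x01\x00")
SERVER_HELLO_DOWNGRADED = _record(2, b"\x03\x01" + b"\x22" * 32 + b"\x00" + b"\x00\x03" + b"\x00")
SERVER_HELLO_OK = _record(2, b"\x03\x01" + b"\x22" * 32 + b"\x00" + b"\x00\x2f" + b"\x00")
```

Run `check_freak(CLIENT_HELLO, SERVER_HELLO_DOWNGRADED)` to see both findings; a patched client would instead abort the handshake at this point.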