FREAK (also known as the Factoring Attack on RSA-EXPORT Keys vulnerability or CVE-2015-0204) is a newly-discovered flaw in SSL/TLS, the technology which is supposed to secure your communications across the net.
What’s so bad about bugs in SSL/TLS?
If the encryption you are relying on for your HTTPS connections is flawed, malicious hackers or intelligence agencies could break it and intercept your communications. They could launch attacks, and potentially sniff out your passwords and private messages.
Okay. Sounds serious. How is this FREAK attack possible?
In the 1990s, the US government tried to prevent products being sold overseas if they featured strong encryption. They said that “export-grade” (in other words, weak) encryption was alright though.
Why did they want people outside the United States using weak encryption?
Why do you think? So the NSA could spy on them. Stronger cryptography algorithms were banned from export, and classified as weapons of war.
Fortunately not, unless you’re trying to export the cryptography to a rogue state or a terrorist organisation. The US government realised that banning strong encryption was damaging to technology companies and inhibiting growth.
Of course, in the meantime the weak “export-grade” encryption isn’t as much of a challenge to crack as it used to be. You don’t need to be the NSA with vast amounts of computing power to do it.
Instead, according to cryptographer Matthew Green who spoke to the Washington Post, all you probably need is about 75 computers to chug away cracking the code for about seven hours. That much computer power can be hired from cloud services like Amazon EC2 for less than $100.
So the weak “export-grade” encryption was being shipped overseas in the 1990s. Why is this an issue now?
Hang on. Yes, the weak encryption was shipped outside the States, but it also found its way into products and services sold in the States too. The weak algorithms can still be found out there in different products, although they are typically disabled by default.
If they’re typically disabled, why is it a problem?
In recent weeks, researchers have discovered that they could force browsers to use the weaker encryption – and then crack it in a matter of hours, opening up the possibility of stealing passwords and other mischief.
Here’s what the Washington Post had to say:
More than one third of encrypted Web sites – including those bearing the “lock” icon that signifies a connection secured by SSL technology – proved vulnerable to attack in recent tests conducted by University of Michigan computer science researchers J. Alex Halderman and Zakir Durumeric. The list includes news organizations, retailers and financial services sites such as americanexpress.com. Of the 14 million Web sites worldwide that offer encryption, more than 5 million remained vulnerable as of Tuesday morning, Halderman said.
In recent days, FBI.gov and Whitehouse.gov are said to have been fixed.
Yoinks! So if researchers have known about this for weeks, why didn’t they say earlier?
The researchers have been working behind the scenes notifying government sites and large technology companies, asking them to quietly fix the issue before it became well known.
Perhaps sub-optimally, Akamai posted a blog about the issue on Monday – letting the cat out of the bag, perhaps earlier than was intended.
Maybe that’s why there doesn’t appear to be an officially-sanctioned logo for the FREAK attack yet. As we all know by now, creation of the logo is one of the most important (and time-consuming) parts of vulnerability disclosure.
Does this FREAK attack affect me?
Do you have an iPhone, an Android or a Mac OS X computer? It affects you.
Do you visit websites like americanexpress.com, groupon.com, mit.edu, marriott.com, usajobs.gov, bloomberg.com or many others? It affects you.
About 12% of websites are thought to be affected.
Hmm. So what is being done about it?
Apple says it will be rolling out a fix in the form of a software update next week.
On Android devices, make sure to use something else instead of the built-in Android Browser.
And, yes, Windows users it appears it affects you too.
Go to freakattack.com to see if your particular browser is vulnerable. You may wish to switch to a browser which isn’t affected.
And what if I run a website?
Disable support for any export suites on your web server. Freakattack.com suggests that instead of simply excluding RSA export cipher suites, administrators should disable support for all known insecure ciphers and enable forward secrecy.
That sounds quite nerdy.
Yes, maybe you should get the nerd who takes care of your website to look into it. Just in case.
Haven’t we had some other bugs in SSL/TLS recently?
You must be thinking of Heartbleed. Or maybe POODLE. Or the critical SSL flaw that Apple patched in OS X and iOS a year or so ago, after one of their programmers messed up.
The sad truth is that there have been a lot of critical SSL-related bugs in the last year or so.
This all seems pretty bad. Cheer me up.
Well, here’s some schadenfreude for you.
It turns out that the NSA, the organisation that called for this weakened encryption to be used in the first place, is itself vulnerable to the FREAK attack on its website – nsa.gov.
Are there any lessons we can learn from this?
Yes! Next time a government tells you that they want to put backdoors into encrypted messaging, maybe by weakening the cryptography, tell them to bog off.
Where can I find out more?
Check out the following:
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.