Communications of the ACM

ACM TechNews

'FREAK' Flaw Undermines Security for Apple and Google Users, Researchers Discover


The FREAK vulnerability, created in the 1990s, can still be exploited today.

Companies and government agencies are scrambling to correct the FREAK security flaw, which resulted from 1990s-era government policy that restricted the export of strong encryption techniques.

Credit: George Thomas/Flickr

Companies and government agencies are scrambling to correct a major security flaw revealed this week that has left users of Apple and Google devices and users of millions of websites vulnerable to man-in-the-middle attacks for more than a decade.

Dubbed FREAK, the vulnerability is the result of 1990s-era government policy that restricted the export of strong encryption techniques. That policy led to 512-bit encryption, now considered weak, being coded into numerous software products that have since proliferated around the world.

The flaw was discovered by French computer science lab INRIA during tests of encryption systems and took everyone by surprise as 512-bit encryption has been considered obsolete for more than a decade.

University of Pennsylvania cryptographer Nadia Heninger was able to crack the vulnerable encryption in about seven hours by renting time on Amazon Web Services servers. Hackers could exploit this method to steal passwords and personal information and potentially launch broader attacks on affected websites.

The University of Michigan estimates almost a third of all "secure" websites are affected by FREAK, with about 5 million encrypted websites still vulnerable as of Tuesday morning.

Governments and businesses were working behind the scenes to address FREAK before it became public knowledge on Monday, and both Apple and Google are working on patches for computers and mobile devices.

From The Washington Post

Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


 
