What is FREAK?
FREAK, an acronym for "Factoring RSA-EXPORT Keys," is the term used to describe the method of attack. It renders people who use certain browsers on mobile iOS and Android platforms, as well as Mac computers, susceptible to cyber attacks when they access certain "secure" websites.
This flaw allows a hacker to force websites into using lower-grade encryption for secure HTTPS connections. This type of encrypted connection can reportedly be cracked in under a few hours using at least 75 "botnet" computers. Once successful, the attackers can then hack the website and steal personal information (including banking data).
FREAK has actually existed since the 90s, when the U.S. government considered digital encryption a weapon and prohibited the use of strong encryption keys. As a result, two major types of protocols were made: one that used strong keys and was intended only for use within the United States, and an "export" version with weaker keys for the rest of the world. The Washington Post reports:
"The flaw resulted from a former U.S. government policy that forbade the export of strong encryption and required that weaker 'export-grade' products be shipped to customers in other countries, say the researchers who discovered the problem. These restrictions were lifted in the late 1990s, but the weaker encryption got baked into widely used software that proliferated around the world and back into the United States, apparently unnoticed until this year."
How to protect yourself from the FREAK flaw
Browsers at risk
Folks from tech site Tom's Guide have tested a handful of mobile and desktop browsers using a tool from Freakattack.com and found that the following programs are vulnerable and, therefore, should be avoided for the time being:
- Safari on OS X (Mac); older versions of Chrome are still vulnerable as well
- Chrome, Dolphin, Opera and (reportedly) the default Android browser on Android
- Safari, Dolphin and Opera Mini on iOS
The site also found that the following browsers are safe to use, according to the tests they've conducted:
- Chrome, Firefox, Internet Explorer and Opera on Windows
- Firefox on OS X (recently released Chrome 41 is also immune)
- Firefox on Android
- Chrome on iOS
- They mentioned that browsers on the Linux desktop may also be immune, but they can't confirm it yet.
What to do
Until a permanent fix is developed to address FREAK, Tom's Guide suggests that users of Mac OS X should use Firefox for browsing the Internet or update their Google Chrome browser to version 41. For people who use Apple's mobile platform (i.e. iPhones and iPads), it's recommended that they only use the Chrome browser app until Apple rolls out a patch update. Meanwhile, Android users can use the Firefox browser to surf the web. Google already pushed out a patch for the Android OS, but not all device makers and carriers have rolled it out.
Photo Credit: J. Endriga