A major decades-old security flaw has been exposed. Dubbed the FREAK (Factoring attack on RSA-EXPORT Keys) flaw, the vulnerability has its roots in an outdated U.S. government policy that prohibited shipping software with strong encryption to other countries, so products sold abroad instead shipped with weaker “export-grade” encryption.
UPDATE (3/6/2015): It turns out the vulnerability affects all supported releases of Microsoft Windows. Microsoft is currently working on a fix.
Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.
Additionally, the Freak Attack website has added a section outlining which browsers have been patched. As of March 5th, Chrome on Mac OS has a patch available; Safari on Mac OS and iOS is expected to receive a patch next week; Microsoft has released a security advisory for Internet Explorer; and as yet there is no news on patches for Chrome on Android (although Google has stated that Chrome for Android is not affected), the stock Android browser, the BlackBerry browser, or Opera on Mac OS and Linux.
Even though the restrictions were rescinded in the ’90s, the encryption was already embedded in software that was widely used. The technical description of the vulnerability is as follows:
A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204. Vulnerable clients include many Google and Apple devices (which use unpatched OpenSSL), a large number of embedded systems, and many other software products that use TLS behind the scenes without disabling the vulnerable cryptographic suites.
In a nutshell, an attacker who can intercept the connection can force browsers to fall back to the weaker “export-grade” encryption, which uses RSA keys of only 512 bits, by exploiting flaws in OpenSSL and Apple’s TLS/SSL clients. Keys of this size have been listed as unacceptable for quite some time, and software that still accepts them is far easier to break. A skilled attacker can factor a 512-bit key in as little as seven hours by renting cloud computing power for under $100.
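The vulnerability condition quoted above, written out as a check over cipher-suite lists and paired with the server-side fix: an added example, not code from the article or the researchers. It assumes IANA cipher-suite names and a boolean flag for whether the client’s OpenSSL is affected by CVE-2015-0204; treating the RSA_EXPORT1024 variants as export-grade too goes slightly beyond the quoted text.

```python
import re

# IANA cipher-suite names for export-grade RSA key exchange carry "RSA_EXPORT"
# (assumption: the 1024-bit RSA_EXPORT1024 variants are treated as export-grade too).
_RSA_EXPORT = re.compile(r"^TLS_RSA_EXPORT(?:1024)?_WITH_", re.IGNORECASE)

def is_rsa_export_suite(name: str) -> bool:
    """True for an RSA_EXPORT cipher suite given by its IANA name."""
    return bool(_RSA_EXPORT.match(name.strip()))

def connection_vulnerable(server_suites, client_suites,
                          client_openssl_cve_2015_0204=False):
    """Apply the published condition: the server accepts an RSA_EXPORT suite AND
    the client either offers one or runs an OpenSSL affected by CVE-2015-0204
    (which accepts an export-grade key even when no export suite was offered)."""
    server_accepts_export = any(is_rsa_export_suite(s) for s in server_suites)
    client_offers_export = any(is_rsa_export_suite(s) for s in client_suites)
    return server_accepts_export and (client_offers_export
                                      or client_openssl_cve_2015_0204)

def harden(server_suites):
    """Server-side fix: drop every RSA_EXPORT suite from the accepted list."""
    return [s for s in server_suites if not is_rsa_export_suite(s)]

# Constructed sample data: a server that still accepts one export suite,
# and a modern client that offers only strong suites.
SERVER_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
]
MODERN_CLIENT = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                 "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    # Patched client: safe even against the misconfigured server.
    print(connection_vulnerable(SERVER_SUITES, MODERN_CLIENT))                   # False
    # Same client on unpatched OpenSSL: the downgrade becomes possible.
    print(connection_vulnerable(SERVER_SUITES, MODERN_CLIENT, True))             # True
    # After removing export suites the server is safe for every client.
    print(connection_vulnerable(harden(SERVER_SUITES), MODERN_CLIENT, True))     # False
```

Running the same check over your own servers’ configured suite lists is the quickest way to confirm the server-side fix has landed, regardless of client patch status.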
Researchers tested encrypted websites and found that more than one third were vulnerable to this type of attack. The list of websites that support RSA export cipher suites, and are therefore at risk of having HTTPS connections intercepted, includes some high-ranking sites such as businessinsider.com, americanexpress.com, groupon.com, bloomberg.com, and many more.
Websites like FBI.gov and Whitehouse.gov have already been fixed, but according to researchers NSA.gov still remains vulnerable. Both Apple and Google have said fixes are coming soon; in the case of Android devices, however, it is up to Google’s Android partners to deliver the patch. Google’s Chrome browser for Android isn’t affected, so if you’re still using the default browser that came with your Android device you may want to switch to Chrome while waiting for the patch to roll out.
For a more in-depth and technical read, you can check out this blog post by Matthew Green, a Johns Hopkins cryptographer and one of the researchers who investigated the vulnerability.
Featured image courtesy CloudTimes.org