FREAK attack: What is it? Here's what you need to know

FREAKI've heard people talking about a new security flaw called FREAK. What is it?
FREAK (also known as the Factoring Attack on RSA-EXPORT Keys vulnerability or CVE-2015-0204) is a newly-discovered flaw in SSL/TLS, the technology which is supposed to secure your communications across the net.

What's so bad about bugs in SSL/TLS?
If the encryption you are relying on for your HTTPS connections is flawed, malicious hackers or intelligence agencies could break it and intercept your communications. They could launch attacks, and potentially sniff out your passwords and private messages.

Okay. Sounds serious. How is this FREAK attack possible?
In the 1990s, the US government tried to prevent products being sold overseas if they featured strong encryption. They said that "export-grade" (in other words, weak) encryption was alright though.

Why did they want people outside the United States using weak encryption?
Why do you think? So the NSA could spy on them. Stronger cryptography algorithms were banned from export, and classified as weapons of war.

ExportWow. Is this still the case?
Fortunately not, unless you're trying to export the cryptography to a rogue state or a terrorist organisation. The US government realised that banning strong encryption was damaging to technology companies and inhibiting growth.

Of course, in the meantime the weak "export-grade" encryption isn't as much of a challenge to crack as it used to be. You don't need to be the NSA with vast amounts of computing power to do it.

Instead, according to cryptographer Matthew Green who spoke to the Washington Post, all you probably need is about 75 computers to chug away cracking the code for about seven hours. That much computer power can be hired from cloud services like Amazon EC2 for less than $100.

So the weak "export-grade" encryption was being shipped overseas in the 1990s. Why is this an issue now?
Hang on. Yes, the weak encryption was shipped outside the States, but it also found its way into products and services sold in the States too. The weak algorithms can still be found out there in different products, although they are typically disabled by default.

If they're typically disabled, why is it a problem?
In recent weeks, researchers have discovered that they could force browsers to use the weaker encryption - and then crack it in a matter of hours, opening up the possibility of stealing passwords and other mischief.

Here's what the Washington Post had to say:

More than one third of encrypted Web sites – including those bearing the "lock" icon that signifies a connection secured by SSL technology – proved vulnerable to attack in recent tests conducted by University of Michigan computer science researchers J. Alex Halderman and Zakir Durumeric. The list includes news organizations, retailers and financial services sites such as americanexpress.com. Of the 14 million Web sites worldwide that offer encryption, more than 5 million remained vulnerable as of Tuesday morning, Halderman said.

In recent days, FBI.gov and Whitehouse.gov are said to have been fixed.

Yoinks! So if researchers have known about this for weeks, why didn't they say earlier?
The researchers have been working behind the scenes notifying government sites and large technology companies, asking them to quietly fix the issue before it became well known.

Perhaps sub-optimally, Akamai posted a blog about the issue on Monday - letting the cat out of the bag, perhaps earlier than was intended.

Maybe that's why there doesn't appear to be an officially-sanctioned logo for the FREAK attack yet. As we all know by now, creation of the logo is one of the most important (and time-consuming) parts of vulnerability disclosure.

Does this FREAK attack affect me?
Do you have an iPhone, an Android or a Mac OS X computer? It affects you.

Do you visit websites like americanexpress.com, groupon.com, mit.edu, marriott.com, usajobs.gov, bloomberg.com or many others? It affects you.

About 12% of websites are thought to be affected.

Hmm. So what is being done about it?
Apple says it will be rolling out a fix in the form of a software update next week.

On Android devices, make sure to use something else instead of the built-in Android Browser.

And, yes, Windows users it appears it affects you too.

Go to freakattack.com to see if your particular browser is vulnerable. You may wish to switch to a browser which isn't affected.

Firefox

And what if I run a website?
Disable support for any export suites on your web server. Freakattack.com suggests that instead of simply excluding RSA export cipher suites, administrators should disable support for all known insecure ciphers and enable forward secrecy.

That sounds quite nerdy.
Yes, maybe you should get the nerd who takes care of your website to look into it. Just in case.

Haven't we had some other bugs in SSL/TLS recently?
You must be thinking of Heartbleed. Or maybe POODLE. Or the critical SSL flaw that Apple patched in OS X and iOS a year or so ago, after one of their programmers messed up.

The sad truth is that there have been a lot of critical SSL-related bugs in the last year or so.

This all seems pretty bad. Cheer me up.
Well, here's some schadenfreude for you.

Animated GIF of FREAK attack on NSA

It turns out that the NSA, the organisation that called for this weakened encryption to be used in the first place, is itself vulnerable to the FREAK attack on its website - nsa.gov.

NSA website, mid-FREAK

Are there any lessons we can learn from this?
Yes! Next time a government tells you that they want to put backdoors into encrypted messaging, maybe by weakening the cryptography, tell them to bog off.

Where can I find out more?
Check out the following:

(Visited 2,518 times, 1 visits today)

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , ,

8 Responses

  1. James

    March 4, 2015 at 8:38 am #

    LOL
    "That sounds quite nerdy."
    " Yes, maybe you should get the nerd who looks after your website to look into it. Just in case."

  2. David

    March 4, 2015 at 10:06 am #

    Excellent summary. I will send questioners a link to your blog for information regarding FREAK.

  3. John

    March 4, 2015 at 11:52 am #

    Pretty nasty stuff. I guess Edward Snowden will get blamed for this vulnerability on nsa.gov as well, huh ? :-)

  4. Feeniss Fmoog

    March 4, 2015 at 4:44 pm #

    Hmmm…as far as I have been able to tell, using "a Mac OS X computer" doesn't necessarily make you vulnerable. Rather, it's the Safari browser that contains the vulnerability. If you're using, say, Firefox, SeaMonkey, Chromium, or Chrome (which apparently are not affected) and you never use Safari, then you're not vulnerable.

    Safari users would be wise to use a different browser until Apple patches the problem next week.

  5. Genie

    March 6, 2015 at 5:28 am #

    Nice treemap of affected countries…

    https://infogr.am/https_sites_that_support_rsa_export_suites

  6. J M Ward

    March 6, 2015 at 10:22 am #

    Users of BitDefender AntiVirus Plus should note that if they have "Scan SSL" turned on, and they navigate to the FREAK test site at https://freakattack.com/ or https://freakattack.com/clienttest.html, they will probably receive a warning which flags their browser as vulnerable.

    If you have "Scan SSL" turned on, you are using BitDefender substitute security certificates so that BitDefender can do what amounts to a MITM (man-in-the-middle) attack to monitor the PC's SSL-encrypted traffic for malware. Whether this actually exposes you to FREAK or not, I do not know – I have posted this topic on the BitDefender forums site and await their response with interest.

  7. J M Ward

    March 6, 2015 at 11:20 am #

    It seems possible that BitDefender is invoking a less-secure SSL encryption algorithm in order to increase the encryption/decryption speed and therefore minimise the overhead of "Scan SSL". If this is the case, it is decreasing security in one area (internet connection) in order to increase it in another (malware detection), a compromise that users should be aware of.

  8. AndyB

    March 9, 2015 at 7:30 pm #

    Whitehouse.gov doesn't even sign their certificates correctly.

    >>> You have asked Firefox to connect securely to www.whitehouse.gov, but we can't confirm that your connection is secure.

    >>> www.whitehouse.gov uses an invalid security certificate.

    >>> The certificate is only valid for the following names:
    *.akamaihd.net, *.akamaihd-staging.net, a248.e.akamai.net, *.akamaized.net, *.akamaized-staging.net

Leave a Reply