The Heartbleed vulnerability revealed that there can be problems in the OpenSSL/TLS encryption the world takes for granted in securing HTTPS connections.
Now comes word of another flaw called FREAK (Factoring Attack on RSA-EXPORT Keys vulnerability or CVE-2015-0204), which has Apple, Google and Web site owners scrambling to plug.
Revealed this week in a blog from Akamai and a story in the Washington Post, the bug has for years made users of Apple (iPhone and Mac OS X) and Google Android devices vulnerable to hacking when they visited millions of supposedly secure Web sites, including sensitive American sites such as Whitehouse.gov, NSA.gov and FBI.gov. Researchers who have tested sites around the world estimate that perhaps as many as 12 per cent of Web sites could be vulnerable, many of them content distribution networks like Akamai (which says it has plugged the hole).
Find out more by going to freakattack.com, or to this site created by the researchers, who are from Microsoft Research and Inria, the French National Institute for Research in Computer Science and Control. University researcher Matthew Green has looked over their work and provides this analysis.
Note that researchers figure hackers could break the code by brute force by renting US$50 worth of server power from a cloud provider.
The solution lies in upgrading certain browsers as well as having Web sites install an OpenSSL patch released in January. Safari for OS X and iOS are vulnerable and Apple is working on fixes. The stock browser that comes with Google Android is vulnerable — but not Chrome browser — and Google is working on a fix.
Ironically, the problem dates back to a former U.S. government policy that forbade the export of strong (1,024-bit) encryption and required that weaker “export-grade” (512-bit) products that could be cracked by the NSA and other intelligence agencies be shipped to customers in other countries. While the restrictions were lifted in the late 1990s, the weaker encryption was still implemented in widely used software that proliferated around the world and back into the United States, the Post says, apparently unnoticed until this year. Typically the weaker encryption is disabled by default, but, researchers discovered, not in all implementations.
As Green writes in his blog, some modern TLS clients — including Apple’s SecureTransport and OpenSSL — have a bug that causes them to accept RSA export-grade keys even when the client didn’t ask for export-grade RSA. As a result, a ‘man in the middle’ attack can force down the quality of a connection, provided that the client is vulnerable and the server supports export RSA. From there the lower encryption can be cracked.
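The downgrade Green describes leaves a visible trace in the handshake: the ServerHello selects an export-grade cipher suite that the ClientHello never offered. The following Python script is an added example, not code from the article or from the researchers, that a defender could run over captured handshake records to flag exactly that. It parses the cipher-suite fields of a TLS 1.0 to 1.2 ClientHello and ServerHello (unfragmented records only) and reports an export-grade selection or a selection the client did not offer. The suite numbers come from RFC 2246 Appendix A.5; the two `build_*` helpers and their sample handshakes are constructed here for the demonstration and are not a real capture.

```python
"""Flag FREAK-style export-suite downgrades in captured TLS handshake records.

Added example (not from the article). Handles plain, unfragmented TLS 1.0-1.2
handshake records; the sample messages at the bottom are constructed inline.
"""
import struct

# Export-grade cipher suites from RFC 2246 Appendix A.5 (TLS 1.0).
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}

CLIENT_HELLO, SERVER_HELLO = 1, 2


def _handshake_body(record: bytes, expected_type: int) -> bytes:
    """Strip the 5-byte record header and 4-byte handshake header."""
    if len(record) < 9 or record[0] != 0x16:  # 0x16 = handshake content type
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    handshake = record[5:5 + rec_len]
    if handshake[0] != expected_type:
        raise ValueError("unexpected handshake type %d" % handshake[0])
    hs_len = int.from_bytes(handshake[1:4], "big")
    return handshake[4:4 + hs_len]


def client_hello_suites(record: bytes) -> list:
    """Return the cipher suites the client offered, in order."""
    body = _handshake_body(record, CLIENT_HELLO)
    pos = 2 + 32                      # skip client_version and random
    pos += 1 + body[pos]              # skip session_id<0..32>
    n = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    return [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, n, 2)]


def server_hello_suite(record: bytes) -> int:
    """Return the single cipher suite the server selected."""
    body = _handshake_body(record, SERVER_HELLO)
    pos = 2 + 32                      # skip server_version and random
    pos += 1 + body[pos]              # skip session_id
    return struct.unpack("!H", body[pos:pos + 2])[0]


def check_downgrade(client_record: bytes, server_record: bytes):
    """Return (chosen_suite, findings). An empty findings list means no downgrade seen."""
    offered = client_hello_suites(client_record)
    chosen = server_hello_suite(server_record)
    findings = []
    if chosen in EXPORT_SUITES:
        findings.append("server selected export-grade suite " + EXPORT_SUITES[chosen])
    if chosen not in offered:
        # The client bug in the article is accepting exactly this: a suite it never asked for.
        findings.append("server selected suite 0x%04x the client never offered" % chosen)
    return chosen, findings


# --- constructed sample messages (hypothetical, not a real capture) ---------

def _wrap(hs_type: int, body: bytes) -> bytes:
    handshake = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def build_client_hello(suites) -> bytes:
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00"          # version, random, empty session id
            + struct.pack("!H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00")                             # one compression method: null
    return _wrap(CLIENT_HELLO, body)


def build_server_hello(suite: int) -> bytes:
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    return _wrap(SERVER_HELLO, body)


if __name__ == "__main__":
    # Client offers only AES suites; a meddler rewrites the ServerHello to RSA_EXPORT.
    ch = build_client_hello([0x002F, 0x0035])   # TLS_RSA_WITH_AES_128/256_CBC_SHA
    for label, sh in (("honest", build_server_hello(0x002F)),
                      ("downgraded", build_server_hello(0x0003))):
        chosen, findings = check_downgrade(ch, sh)
        print(label, hex(chosen), findings or "ok")
```

A server that still negotiates an export suite the client did offer shows up as the first finding only; the second finding is the signature of the client-side bug the article describes, and a correct client would have aborted the handshake at that point.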
More than one writer this week has noted the irony that NSA’s public Web site is (was?) one of the vulnerable sites.