A new security hole that can be used to attack HTTPS has been found! It is called the FREAK attack. The hole, named FREAK (Factoring RSA Export Keys), makes it possible to force devices to use considerably outdated encryption: OpenSSL, iOS and OS X can be tricked into using weak 1990s-grade encryption keys. With a well-planned man-in-the-middle attack, a hacker could hijack a user's traffic and, for example, steal passwords. The abuse is based on a so-called man-in-the-middle (MitM) attack. According to the Washington Post article "'FREAK' flaw undermines security for Apple and Google users", users of Apple and Google devices were vulnerable to hacking when they visited millions of supposedly secure Web sites.
This flaw existed and still exists widely: More than one third of encrypted Web sites – including those bearing the “lock” icon that signifies a connection secured by SSL technology – proved vulnerable to attack in recent tests.
A successful attack requires a number of preconditions, and the most important of them are:
- You must have a vulnerable OpenSSL library in your system (the bug was fixed in January)
- The server must be incorrectly configured to support the weak RSA encryption keys.
- The attacker must be able to get into the data transfer path between you and your target
The attack process: A vulnerable client (such as a web browser, smartphone or internet-of-things gizmo) starts talking to a server (such as the machine behind an HTTPS website), and lists the encryption algorithms and key lengths it supports and those it prefers. An attacker able to intercept traffic between the client and the server can tamper with that message to say the client only wants weak-ass export-grade keys, such as a 512-bit RSA key. Due to bugs in OpenSSL and SecureTransport, if the server shrugs its shoulders and replies with a weak key, the client will accept it, and the encryption process begins.
This is again an old security bug. Security researchers are warning of a flaw in OpenSSL and Apple’s SecureTransport that’s a hangover from the days when the US government was twitchy and clueless about technology. This time the problem originates from old security policies and went unfixed for quite a long time: the flaw resulted from a former U.S. government policy that forbade the export of strong encryption and required that weaker “export-grade” products be shipped to customers in other countries, say the researchers who discovered the problem. Export-grade encryption had keys of at most 512 bits. This level of encryption provides very little security against today’s computers, as it can be cracked in several hours ($100 on Amazon Web Services, and a couple of hours of computing). 512-bit keys used to be considered good enough 20 years ago, but 512-bit cryptography has been considered unacceptably weak for more than a decade. Even experts thought it had disappeared. But it turns out that it had not completely disappeared: at least, many web servers still seem to accept it.
It turns out the encryption used by OpenSSL and SecureTransport can be crippled by an attacker on your network: apps can be tricked into using weak encryption keys. A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204.
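The condition above can be checked on recorded handshakes. The following Python code is an added example, not code from the researchers or from OpenSSL: it assumes you have the raw handshake-layer bytes (record header stripped) of the ClientHello as it left the client and of the ServerHello as it left the server, and the function names and sample messages are constructed for illustration.

```python
# IANA-registered RSA_EXPORT cipher suites (512-bit temporary RSA keys).
RSA_EXPORT = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def _after_session_id(msg, msg_type):
    """Check the handshake header; return (body, offset just past session_id)."""
    if len(msg) < 4 or msg[0] != msg_type:
        raise ValueError("unexpected handshake message type")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    if len(body) < 35 or len(body) < 35 + body[34] + 2:
        raise ValueError("truncated hello message")
    return body, 35 + body[34]   # 2 version + 32 random + 1 length + session_id

def offered_suites(client_hello):
    body, pos = _after_session_id(client_hello, 1)
    n = int.from_bytes(body[pos:pos + 2], "big")
    raw = body[pos + 2:pos + 2 + n]
    if len(raw) != n or n % 2:
        raise ValueError("bad cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def selected_suite(server_hello):
    body, pos = _after_session_id(server_hello, 2)
    return int.from_bytes(body[pos:pos + 2], "big")

def audit(client_hello, server_hello):
    """client_hello as it left the client, server_hello as it left the server."""
    chosen = selected_suite(server_hello)
    if chosen not in RSA_EXPORT:
        return ("ok", None)
    if chosen in offered_suites(client_hello):
        return ("export-negotiated", RSA_EXPORT[chosen])   # both ends allow export
    return ("hello-tampered", RSA_EXPORT[chosen])          # client never offered it

def _hello(msg_type, tail):
    body = b"\x03\x01" + bytes(32) + b"\x00" + tail
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed sample messages (TLS 1.0, zero random, empty session_id).
CH_MODERN = _hello(1, b"\x00\x04\x00\x35\x00\x2f\x01\x00")  # AES suites only
CH_LEGACY = _hello(1, b"\x00\x04\x00\x2f\x00\x08\x01\x00")  # also offers DES40 export
SH_STRONG = _hello(2, b"\x00\x2f\x00")
SH_EXPORT = _hello(2, b"\x00\x08\x00")

if __name__ == "__main__":
    for ch, sh in [(CH_MODERN, SH_STRONG), (CH_LEGACY, SH_EXPORT), (CH_MODERN, SH_EXPORT)]:
        print(audit(ch, sh))
```

Either non-"ok" verdict means the server still accepts an RSA_EXPORT suite and its configuration needs to be fixed.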
Vulnerable clients include many Google and Apple devices (which use unpatched OpenSSL), a large number of embedded systems, and many other software products that use TLS behind the scenes without disabling the vulnerable cryptographic suites.
It is actually already fixed in the OpenSSL source code: In January, OpenSSL released a patch for the bug, CVE-2015-0204, to sort out the issue, which it ranked as “low” severity. But the patch is not yet widely deployed.
A fix is on the way to devices: Apple is to release a fix for the “FREAK” flaw next week; Google is providing a patch to partners, but the rollout timeframe is unknown. And not everything in Google devices is vulnerable: Google’s Chrome browser is not vulnerable to the FREAK bug, but the browser that comes built into most Android devices is vulnerable.
Are you running a web server with HTTPS on it? Maybe you should check your server configuration. Websites that support RSA export cipher suites (e.g., TLS_RSA_EXPORT_WITH_DES40_CBC_SHA) are at risk of having HTTPS connections intercepted. If you run a web server, you should disable support for any export suites (rather than only excluding RSA export cipher suites, disable support for all known insecure ciphers). Mozilla has published a guide and an SSL Configuration Generator, which will generate known good configurations for common servers. You can check whether your site is vulnerable using the SSL Labs’ SSL Server Test.
“There is an important lesson here about the consequences of crypto policy decisions: the NSA’s actions in the ‘90s to weaken exportable cryptography boomeranged on the agency, undermining the security of its own site twenty years later,” said Canadian security expert Professor Ed Felten. There is no way to know how widely the FREAK flaw has been used to hack Internet users, though “man-in-the-middle attacks” are popular among governments conducting online surveillance.