Are you FREAKing out about this latest cybersecurity concern?
Maybe you haven't heard, but a new SSL/TLS vulnerability has surfaced after more than decade of existence, and system administrators everywhere are shaking their heads. This past Tuesday, Factoring Attack on RSA Export Keys - abbreviated FREAK because apparently FAREK isn't as menacing - was discovered by researchers at the French Institute for Research in Computer Science and Automation and Microsoft Research.
Similar to recent security nightmares that exploited SSL backdoors, FREAK allows hackers to weaken the security of HTTPS connections between clients and servers, making it easier to crack the encryption and perform a man-in-the-middle attack.
And now, of course, you're sitting there wondering to yourself, "Which connections are vulnerable and what does it mean for me?"
So for years, millions of unsuspecting Apple and Android device users have been in danger of these man-in-the-middle attacks when they thought they were visiting secure websites.
Who could forget about last year's disastrous POODLE flaw (the only possible name less menacing than FAREK), which let attackers downgrade the security suite of the whole SSL/TLS Internet-communication to the weakest level. Even before POODLE, the Heartbleed bug (sorry to bring that back up again) enabled SSL/TLS encryption. Like POODLE and now FREAK, the Heartbleed flaw existed in OpenSSL, an open-source library of TLS and and SSL protocols established over a decade ago and used by most webservers.
FREAK is similar to these attacks in that it also exploits vulnerabilities in OpenSSL to downgrade secure connections from "strong" RSA to "export-grade" RSA cryptography, allowing cybercriminals to intercept, decrypt and access personal information.
What's the SSL flaw and which browsers are susceptible?
According to the FREAK attack tracking website, the HTTPS connection is vulnerable "if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204.” As of today, the same vulnerability disclosure website reports that after further testing, the following browsers are subject to the same FREAK exploit:
Chrome on Mac OS and Android
Safari on Mac OS and iOS
Opera on Mac OS and Linux
Are 512-bit RSA keys really still being used?
Matthew Green, John Hopkins University research professor and cryptographer, points out previously held assumptions about this vulnerability in his blog post, which explains the origins of the OpenSSL vulnerabilities and the technical details of FREAK further. In his post, Green notes that the bug challenged our belief that even if export-grade RSA cipher suites were compromised, it wouldn't be possible for browsers to be forced to use a 512-bit RSA key, thus enabling the attack. Clearly though, we've learned that browsers can and now have been manipulated to downgrade encryption security.
The Washington Post also referenced Green's blog post in an article about this FREAKing flaw, explaining this misconception further. Indeed, it was largely believed that 512-bit cryptography had been discounted for being weak and therefore, people had stopped using it. The Post further explains that the security of keys encrypted websites rely on depends on their length - i.e. the number of bits they use. The less bits, the less computing power needed, and the easier it is to crack.
What's Next and How Should You Respond?
If you're worried about your webserver being attacked, you can use the SSL FREAK Check tool (screenshotted below) to determine if a website is vulnerable or not.
Watch out for Browser updates. With Google and Apple as vulnerable clients, look out for Google Chrome and Safari patches among others. Yesterday's SCMagazine.com article reported that Apple will be releasing a fix in iOS and OS X that will be available in software updates next week. In the same article, Google is quoted as claiming the following:
“We encourage all websites to disable support for export certificates. Android's connections to most websites – which include Google sites, and others without export certificates – are not subject to this vulnerability. We have also developed a patch to protect Android's connection to sites that do expose export certs and that patch has been provided to partners.”
Make sure you keep checking back to the FREAK attack tracking website for all of the latest updates. In the meantime, the site has compiled a list of the websites in the Alexa Top 10K support RSA Export Suites that you should definitely reference.
For more information on this FREAK bug, we recommend you consult the following articles and posts:
By Lily Teplow
By Brian Downey
By Dave LeClair