FREAK Vulnerability Forces Weaker Encryption
Security researchers and news outlets are reporting about a newly discovered vulnerability believed to exist since the 90s. This vulnerability, dubbed as FREAK (Factoring RSA Export Keys), forces a secure connection to use weaker encryption—making it easy for cybercriminals to decrypt sensitive information.
Vulnerable since the 1990s
The flaw came about in the 1990s. Back then, the US government mandated that software intended for export use “export cipher suites that involved encryption keys no longer than 512 bits.” According to researchers, that kind of encryption might have sufficed in the 90s but 512-bit RSA keys can now be decrypted in about 7 hours and for only US$100 with so much computing power readily available from the cloud.
While this restriction was lifted in the late 90s, some implementations of TLS and SSL protocols still support these export–grade encryption modes.
FREAK, Out in the Open
FREAK was discovered by Karthikeyan Bhargavan at INRIA in Paris and the mitLS team. They found that OpenSSL (versions prior to 1.0.1k) and Apple TLS/SSL clients are vulnerable to man-in-the-middle (MITM) attacks. Once attackers are able to intercept the HTTPS communication between vulnerable clients and servers, they force the connection to use the old export-grade encryption.
Attackers who “listen” in on the communication will then be able to decrypt the information with relative ease.
Apple’s SecureTransport is used by applications running on iOS and OS X. These include Safari for iPhones, iPads, and Macs. Meanwhile, OpenSSL is used by Android browsers and other application packages. From our understanding, the attack is possible only if the OpenSSL version is vulnerable to CVE-2015-0204.
Popular Sites Affected
According to reports, 37% of browser-trusted sites are affected by this flaw. Affected sites include Bloomberg, Business Insider, ZDNet, HypeBeast, Nielsen, and the FBI. It bears stressing that there are country-specific sites that were also affected.
Addressing the FREAK Flaw
OpenSSL has provided a patch for CVE-2015-0204 in January. Apple is reportedly deploying a patch for both mobile devices and computers.
We advise Android users to refrain from using the default Android browser in their devices. They can instead use the Google Chrome app as it is not affected by the bug. Furthermore, connections to the Google search site are not affected.
According to Deep Security Labs Director Pawan Kinger, FREAK is a serious and very real vulnerability which may require some level of sophistication to exploit. However, its sophistication won’t dissuade determined attackers. Carrying out a FREAK exploit requires attackers to be able to first create a man-in-the-middle (MITM) attack against the servers. It would also require the ability to control an SSL session between client and server and then force that session to downgrade to the lower encryption level. Then, the attacker would have to take the weakly encrypted traffic and perform a brute force attack against it that would take several hours, as opposed to days or weeks with higher encryption.
We are currently evaluating its exact impact and attack mechanism on servers. For the time being, we advise businesses running websites and other server applications using export grade ciphers to upgrade their systems as well as upgrading to the latest OpenSSL. Administrators can also check if their site is vulnerable by using the SSL Labs’ SSL Server Test.
Several workarounds have been suggested by freakattack.com, a site dedicated to disseminating information about this vulnerability:
- Administrators should disable support for any export suites.
- Administrators should disable support for all known insecure ciphers and enable forward secrecy.
Trend Micro Deep Security protects users from this vulnerability through the following DPI rule:
- Openssl RSA Downgrade Vulnerability (CVE-2015-0204)
It should be noted that the DPI rule is only applicable for clients. We will be providing a rule to our customers to block export ciphers.
This entry will be updated as soon as more information is made available.