Skip to main content

How the FREAK flaw intercepts and decrypts SSL traffic

A fresh SSL vulnerability has been detected, which allows attackers to intercept HTTPS connections.

Named FREAK, it intercepts vulnerable clients and servers and forces them to use ‘export-grade’ cryptography, which can then be decrypted.

With many Google and Apple devices vulnerable and a patch due from Apple next week, the details of the flaw claim that it exists if a server accepts RSA_EXPORT cipher suites, and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL, then it is vulnerable to CVE-2015-0204.

Specifically vulnerable are websites that support RSA export cipher suites. Users are recommended to disable support for export suites if you run a web server, and instead of simply excluding RSA export cipher suites, to disable support for all known insecure ciphers and enable forward secrecy.

A full list (opens in new tab) of vulnerable websites includes news websites, recruitment sites and financial services companies, with the likes of American Express, Groupon and Lamborghini all at risk.

Nigel Hawthorn, EMEA director of strategy at Skyhigh Networks, has commented on the matter: “If the website or cloud service you are accessing is built around Apache, and many are, FREAK is a serious vulnerability. Until patches are made, it’s a case of pitting 90s technology against modern hackers – which is no contest.

“I’m old enough to remember the early days of the internet, when encryption was pretty pitiful. The fact that base levels of encryption are still accessible on so many websites is alarming.

"In theory, these low levels allow any device to communicate with any website using the strongest encryption possible. However, no one is accessing their bank account from an Acorn Computer and FREAK serves as a timely reminder that they should be put out to pasture.

“This is a potential vulnerability not just for websites but also for cloud services and our data shows that nearly 800 cloud services remain vulnerable.

"We recommend enterprises check the services that their users are accessing – both sanctioned cloud services and shadow cloud services. We’re talking about a sizable portion of the internet that’s vulnerable, and a very real threat."

The post FREAK flaw allows SSL traffic to be intercepted and decrypted (opens in new tab) appeared first on IT Security Guru (opens in new tab).