Skip to main content

Here's exactly why FREAK is such a dangerous exploit

It was a case of another month, another flaw revelation this week.

Although we have seen zero-days in 2015 primarily affecting Adobe’s Flash software, this week a story picked up from the great threats of 2014 with 2015’s FREAK. The “Factoring attack on RSA-EXPORT Keys” flaw uses an encryption protocol from the early 1990s to intercept vulnerable clients and servers, and force them to use ‘export-grade’ cryptography, which can then be decrypted.

Matthew Green, cryptographer and research professor at Johns Hopkins University, explained that upon the invention of SSL in the early 1990s, the United States maintained a rigorous regime of export controls for encryption systems and in order to distribute crypto outside of the US, companies were required to deliberately ‘weaken’ the strength of encryption keys. 512 bit encryption was designed to ensure that the NSA would have the ability to ‘access’ communications, while allegedly providing crypto that was still ‘good enough’ for commercial use.

This ruling was eventually lifted, but the EXPORT ciphersuites remained and that is where the vulnerability remains. Patches are due from Apple and Google for their mobile browsers, but in the meantime cloud services and some websites remain vulnerable.

Following the revelations of the Heartbleed bug last year, I spoke with Veracode’s Chris Eng about one of the causes, which he identified as being because most software is not written entirely from scratch. “Only ten per cent of code is, and 90 per cent comes from other libraries and products, such as OpenSSL,” he said.

So in the case of FREAK, is this due to the same problem? How was this code allowed to remain in use since the early 1990s, and is this more example of the need for original, secure code to be created rather than using flaw-filled code sets?

Andrew Manoske, senior product manager at AlienVault, said that FREAK’s existence betrays some hard questions that apply far beyond crypto suites: should we re-invent the wheel by developing new software supposedly without the flaws of yesteryear? Or should we continue to use tried and tested libraries with the knowledge that there could be serious problems either with old exploitable bugs hidden within the software? Even then – when we’ve made our decision on what technology we should use – how far are we willing to go and how much are we willing to spend to enforce that decision?

He said: “The last question is the most pertinent for FREAK. The export key lengths exposed via the FREAK vulnerability have been considered insecure for some time now, and neither NIST nor NSA endorse their use given how easy it is to brute force such encryption.

“The expense of properly removing these now-insecure encryption schemes can be onerous – as evidenced in the decision by some software vendors not to patch to non-vulnerable versions of SSL and TLS.” He made the reference that “we’re okay with throwing the baby out with the bathwater as an industry, we’re not so great at cleaning the tub afterwards”.

Mark James, security specialist at ESET, said that using older code will always potentially pose security risks, as newer techniques are found to exploit or circumvent the very means we think are there to protect us.

“Using newer more secure code will often limit the time it takes to patch these problems, but as with any software it will always be at risk,” he said. “We will never have 100 per cent secure code and will always be playing cat and mouse between the good and bad guys.”

Likewise Rob Sobers, director of inbound marketing at Varonis, said that as long as there is software, there will be security vulnerabilities in software. He said: “The bug was allowed because nobody knew it was a bug until now. That’s just how software works. Sometimes you just need the right person at the right time with the right inputs to expose a vulnerability. The important thing is that once a vulnerability is disclosed, we fix it.”

The consensus seemed to be that this flaw is not as bad as Heartbleed, and even paled in comparison to Shellshock/Bashbug, and POODLE. This was mainly down to the technical expertise required to exploit the flaw, but the fact is that it exists and will likely remain to exist until it is patched everywhere and removed. Then we wait until the next great threat is announced, and start all over again.

The post As we get FREAK out, was old code to blame again? appeared first on IT Security Guru.