OK, now that you will have that song in your head all day (you’re welcome) I think I have your attention! Unfortunately, we need to move on to more serious matters. There is a lot of panic today surrounding a security bug labeled FREAK. As is the case with any big news item, you can find various reports and technical details by simply typing FREAK into your favorite search engine. I’ve pulled together some highlights and helpful resources for this latest vulnerability here.
Reports started popping up on Tuesday identifying a flaw in the negotiation mechanism used to determine the security of your connections. Today, stronger encryption protocols are the standard, but weaker versions are still around due to an abandoned government policy. Essentially, this flaw enables an attacker to force your connection to accept a less secure ciphersuite via a man-in-the-middle (MITM) attack. I think it goes without saying that this is bad.
Turns out that back in the 80s and 90s, the US Government felt the need to control the encryption systems that were exported outside the country. This policy prevented a key larger than 512 bits from being exported, labeling the short key “export-grade.” As computers and research advanced, this 512-bit key became trivial to break. The Washington Post article here provided a nice graphic showing how much harder it is to break a 1024-bit key compared to an older “export-grade” 512-bit key. It should be noted that this policy has since been abandoned but “export-grade” encryption is still being supported by a very large number of sites. While there are a number of browsers affected, the most notable include Apple and Google browsers.
We should also address the name used for this vulnerability, FREAK. Since this is a Factoring attack on RSA-EXPORT Keys, the name FREAK seemed fitting, as it has astounded so many.
To get technical for a moment, the following steps are required to take advantage of this vulnerability (source: Matthew Green Blog):
The MITM attack would look something like this:
1. The client sends the standard “Hello” message asking for a standard strong ciphersuite
2. The attacker (MITM) would intercept and change this message to ask for the “export-grade” ciphersuite
3. The server would then respond with the weaker 512-bit key
4. The client would accept this weaker 512-bit key due to the FREAK vulnerability
5. The attacker can now attempt to exploit and recover the weak key in an effort to use that to decrypt the communications
To summarize, an attacker would have to put a reasonable amount of effort into exploiting this vulnerability and compromising communications: discover a relevant communications request, inject a change in the request, grab the key in use, and then decrypt traffic. To make matters even worse, not all servers will generate a new key per session. This means that if the attacker was able to decrypt the traffic for the current session, the likelihood of that key working across sessions is high, until the server is rebooted or forced to generate a new key, that is.
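To make step 4 concrete, here is an added example (not code from the researchers or from any TLS library) that models the check a client should apply to the server's reply. The function name, the `strict` switch and the sample handshake values are assumptions made for illustration; the cipher suite numbers are the IANA code points.

```python
# Added example: simplified model of the client-side decision in steps 3-4.
# It does not parse real TLS records; each message is reduced to the fields
# that matter for the downgrade.

# IANA code points for the RSA export-grade cipher suites (512-bit key exchange).
EXPORT_RSA_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
# Two non-export RSA suites, used here as the client's "strong" offer.
STRONG_RSA_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}


def review_server_reply(offered, selected, temp_rsa_bits=None, strict=True):
    """Return the reasons a client should abort; an empty list means proceed.

    offered       -- suite ids the client listed in its hello
    selected      -- suite id the client sees in the server's reply
    temp_rsa_bits -- size of a temporary RSA key the server sent, or None
    strict        -- False models a client with the FREAK flaw (hypothetical switch)
    """
    problems = []
    if selected not in offered:
        problems.append("server selected a suite the client never offered")
    # A temporary RSA key is only legitimate when an export suite is in use.
    if strict and temp_rsa_bits is not None and selected not in EXPORT_RSA_SUITES:
        problems.append(
            f"{temp_rsa_bits}-bit temporary RSA key sent for a non-export suite")
    return problems


if __name__ == "__main__":
    offered = list(STRONG_RSA_SUITES)  # constructed: client offers strong suites only
    # Constructed reply: a strong suite is selected, yet a 512-bit key arrives.
    for strict in (False, True):
        result = review_server_reply(offered, 0x002F, temp_rsa_bits=512, strict=strict)
        label = "patched" if strict else "flawed"
        print(f"{label} client:", result or "accepts the 512-bit key")
```

The flawed client returns no objections and carries on with the 512-bit key, while the strict client aborts the handshake.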
Researchers have simplified the above referenced steps. Visit this blog post for more detail.
How does this affect you?
Once again, this is a case of sit and wait for the average user. Patches are being provided and users need to heed the warnings and apply them. Google has stated that patches are already available for its NEW devices while Apple will release patches next week. However, Android users should note that Google has publicly stated that they will not be providing patches to current devices. Google has also said that newer phones (those purchased in the last couple of years) are “probably ok.” Also of note, the researchers who discovered the vulnerability state that Chrome and Firefox are not affected.
At this point there have been no indications of exploitation of this specific vulnerability. Patches are in the works where applicable. In time there is hope that the “export-grade” ciphersuite will be out of commission for good. Arm yourself with the knowledge, apply patches if you can and be safe out there!
To read a detailed account of the work done by the FREAK exploit researchers, visit their website: www.smacktls.com
Updated March 5, 4:02pm ET to include additional details.