Yet another flaw has been discovered in open-source online encryption protocols. This one's a direct result of United States government policy, even though its victims included the websites of the White House, FBI and National Security Agency.
The FREAK vulnerability, short for Factoring attack on RSA-EXPORT Keys, allows attackers to force many devices, including iOS and Android mobile devices, to downgrade their encrypted connections to use weaker cryptographic keys.
FREAK exists because during the 1990s, the U.S. government considered encryption to be a weapon and forbade the use of strong encryption keys. Hence, two versions of many protocols, including the widely used RSA protocol, were created -- one using strong keys for use in the U.S., and an "export" one that used weaker keys, for the rest of the world.
Due to this mismatch, many pieces of software that used encryption had to be able to use both the strong and weak versions, and as a result, put the weaker "export" ones on their own lists of acceptable protocols.
The encryption export controls were lifted by 2000, but many widely used pieces of software still accept export keys. There are safeguards built into the universally used SSL/TLS suite of secure-networking standards to prevent forced downgrades to weaker keys, but the FREAK flaw allows attackers to get around those safeguards.
FREAK is similar to last fall's POODLE flaw, which allowed malicious machines to downgrade the entire SSL/TLS Internet-communication security suite to the weakest possible version. FREAK affects only those SSL/TLS implementations that accept export versions of protocols that use the RSA encryption algorithm.
The export version of the RSA encryption protocol used 512-bit keys, which seemed reasonably strong in the 1990s, but which can now be cracked in a few hours using cloud computing services such as Amazon Web Services.
Vulnerable software was found in many Web browsers and in the server software that runs millions of websites, including AmericanExpress.com, Groupon.com, Bloomberg.com and MIT.edu. Also on the list were WhiteHouse.gov, IRS.gov, NSA.gov and the FBI tipline, tips.fbi.gov. A long list of vulnerable sites can be found on freakattack.com.
The FREAK flaw was discovered last fall by a team of researchers at the INRIA institute in France and at Microsoft. Since then, administrators of vulnerable websites had been secretly notified so that they might patch their servers before word of the flaw became generally known. The flaw finally leaked out yesterday afternoon (March 2) in a quiet but public blog posting by Web-services provider Akamai Technologies.
Unfortunately, users of iOS and Android mobile devices are going to have to sit tight until Apple and Google push out fixes. Apple will likely have one ready in a few days; as is often the case, the Android rollout may depend on the cooperation of device manufacturers and wireless carriers.