Researchers have identified a new SSL/TLS vulnerability, dubbed FREAK, which can be exploited to force an HTTPS connection to use weaker, easier-to-crack encryption, potentially opening the door for attackers to obtain private information such as usernames and passwords.
“A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204,” according to a vulnerability disclosure website launched on Tuesday.
Essentially, the FREAK vulnerability makes it so that presumed secure communications are much less secure, Bill Weinberg, senior director of Open Source Strategy with Black Duck Software, told SCMagazine.com in a Tuesday email correspondence.
“[The communications are] not plain-text, but [it's] crackable with readily available tech,” Weinberg said, going on to add that “once the shorter key is discovered through brute force decryption, the exploit enables a range of secondary attacks on both clients and servers.”
A list of Alexa Top 10,000 websites that are vulnerable has been included on the vulnerability disclosure website, and the write-up adds that vulnerable clients include Google and Apple devices. An Apple spokesperson told SCMagazine.com on Wednesday that a fix in iOS and OS X will be available in software updates next week.
According to a Google statement emailed to SCMagazine.com on Wednesday, “We encourage all websites to disable support for export certificates. Android's connections to most websites – which include Google sites, and others without export certificates – are not subject to this vulnerability. We have also developed a patch to protect Android's connection to sites that do expose export certs and that patch has been provided to partners.”
Weinberg noted how various browsers appear to be affected differently.
“Safari and most Android-native browsers are vulnerable, but Chrome is not,” Weinberg said. “These web clients all build on open source, but make use of different versions of OpenSSL and employ different web application tool kits.”
Philip Lieberman, president of Lieberman Software, told SCMagazine.com in a Wednesday email correspondence that he considers the issue to be a low probability threat. He said that the attack is based on a series of conditions unlikely to affect most internet users.
TK Keanini, CTO of Lancope, told SCMagazine.com in a Wednesday email correspondence that he is a little more wary. He said that the vulnerability is not trivial to exploit, but he added that advanced threat actors have the capabilities to stage an attack.
“Users who need to be extra cautious here are ones who by design have an entity in the middle of their traffic,” Keanini said. “For example some nation states control Internet gateways in and out of their nation and because of this topological placement are in an optimal place to exploit everyday users.”
On the vulnerability disclosure website, web server operators are encouraged to disable support for export suites, including all known insecure ciphers, and to enable forward secrecy. Lieberman said that web servers should be upgraded to a more modern version of OpenSSL, and browsers should be updated to versions that disallow the use of “weak” encryption.
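As an added illustration (not code from the disclosure website or anyone quoted here), the following Python sketch audits a list of cipher suite names a server accepts, flags export-grade suites, notes which suites provide forward secrecy, and applies the vulnerability condition quoted earlier in this article. The function names and the sample suite list are constructed for the example, and it assumes TLS 1.2-and-earlier suite names in OpenSSL or IANA style.

```python
# Key-exchange tokens that can lead an OpenSSL-style suite name.
KX_PREFIXES = {"ECDHE", "DHE", "EDH", "ADH", "AECDH", "ECDH", "DH", "KRB5", "PSK", "SRP"}
EPHEMERAL = {"ECDHE", "DHE", "EDH"}  # key exchanges that give forward secrecy

def classify(name):
    """Return (is_export, key_exchange) for an OpenSSL- or IANA-style suite name."""
    n = name.strip().upper()
    if n.startswith(("TLS_", "SSL_")):
        if "_WITH_" not in n:
            return False, "TLS1.3"   # TLS 1.3 names: no export suites exist
        kx = n.split("_WITH_")[0].split("_")[1:]   # e.g. ['RSA', 'EXPORT']
        export = any(p.startswith("EXPORT") for p in kx)
        return export, kx[0]
    parts = n.split("-")
    export = parts[0].startswith("EXP")            # EXP-..., EXP1024-...
    if export:
        parts = parts[1:]
    # OpenSSL omits the key exchange when it is plain RSA (e.g. EXP-RC4-MD5).
    return export, parts[0] if parts[0] in KX_PREFIXES else "RSA"

def audit(server_suites):
    """Sort accepted suites into RSA_EXPORT, other export, and forward-secret."""
    report = {"rsa_export": [], "other_export": [], "forward_secret": []}
    for suite in server_suites:
        export, kx = classify(suite)
        if export:
            report["rsa_export" if kx == "RSA" else "other_export"].append(suite)
        elif kx in EPHEMERAL:
            report["forward_secret"].append(suite)
    return report

def connection_vulnerable(server_suites, client_offers_rsa_export, client_has_cve_2015_0204):
    """The disclosure site's condition, as quoted in the article."""
    server_accepts = bool(audit(server_suites)["rsa_export"])
    return server_accepts and (client_offers_rsa_export or client_has_cve_2015_0204)

# Constructed sample: suites a hypothetical server accepts.
SAMPLE = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "AES128-SHA",
    "EXP-RC4-MD5",
    "EXP-EDH-RSA-DES-CBC-SHA",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(connection_vulnerable(SAMPLE, False, True))
```

A server whose audit shows empty `rsa_export` and `other_export` lists and a non-empty `forward_secret` list matches the disclosure site's recommendation as far as suite names go.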
Weinberg went into the history of the FREAK vulnerability, which is more than a decade old.
“The origins of this vulnerability go back to the 1990s when the U.S. Government tried to place restrictions on the export of what it considered ‘weapons-grade’ encryption,” Weinberg said. “The theory went that U.S. domestic communication could benefit from ‘strong’(er) 128-bit (and beyond) keys, but foreign communications needed to be accessible to U.S. intelligence and law enforcement, and so should not; thus, the strong encryption could not be exported legally and weaker ‘export-grade’ encryption was born.”
He added, “Later, in the development of secure web communications, specifically in the Netscape browser, web client and host would negotiate the strongest encryption ‘allowed,’ falling back to weaker ‘export’ protocols as required, leaving a back door for monitoring. FREAK exploits this legacy behavior still present in between a quarter and third of all deployed web servers – a sad example of how forced backdoor can return to bite us in the backside.”
UPDATE: The FREAK vulnerability disclosure website was updated on March 5, and now states that the following browsers appear to be vulnerable: Internet Explorer, Chrome on Mac OS and Android, Safari on Mac OS and iOS, Blackberry Browser, and Opera on Mac OS and Linux.