‘FREAK’ Security Flaw Puts Apple and Android Browser Users at Risk

‘FREAK’ Security Flaw Puts Apple and Android Browser Users at Risk

The Washington Post reports that a major security flaw, dubbed “FREAK,” has been discovered by researchers in some software, including Apple’s Safari and Google’s Android AOSP browsers, that leaves many devices vulnerable to hacking attempts.

'FREAK' Security Flaw Puts Apple and Android Browser Users at Risk


Called “FREAK” (Factoring Attack on RSA-EXPORT Keys), the vulnerability stems from a U.S. government policy that once prevented companies from exporting strong encryption, requiring them to instead create weak “export-grade” products to ship to customers outside of the United States.

While the restrictions were lifted more than a decade ago, software companies continued to use the weaker encryption, and has even been used in software intended for use in the United States. The continued existence of the “export-grade” encryption went unnoticed until recently, when researchers found they could force browsers to use the lower-grade encryption, and then crack it.

Hackers could potentially use the same tactic to allow them to steal passwords and other personal information, as well as launch attacks on websites. In testing, the export-grade encryption key was cracked in seven hours, and more than a quarter of encrypted sites were found to be vulnerable.

“We thought of course people stopped using it,” said Karthikeyan Bhargavan, a researcher at the French computer science lab INRIA whose team initially found the problem during testing of encryption systems.

Apple is creating a client-side patch for the issue on both iOS and OS X likely ready by next week, while the INRIA, IMDEA, and Microsoft researchers who discovered the flaw have been working to notify hosts who are still serving export ciphers.

  1. 875440 745616You will uncover some fascinating points in time in this post but I do not know if I see all of them center to heart. Theres some validity but I will take hold opinion until I appear into it further. Amazing post , thanks and we want considerably more! Added to FeedBurner too 416808

  2. 173577 357329Extremely instructive and excellent bodily structure of subject matter, now thats user pleasant (:. 845249

  3. 502750 651080so considerably great details on here, : D. 770449

  4. 714171 94863Oh my goodness! an superb post dude. A lot of thanks Nonetheless We are experiencing issue with ur rss . Dont know why Not able to sign up to it. Could there be anybody finding identical rss dilemma? Anyone who knows kindly respond. Thnkx 124647

  5. nova88 says:

    634306 122367This will probably be a terrific weblog, would you be interested in doing an interview about just how you developed it? If so e-mail me! 539015

  6. 172280 904855The Case For HIIT Cardio – Why You ought to Concider it By the way you may want to check out this cool internet site I found 752087

Leave a Reply

Your email address will not be published.