Security experts have warned of a major new SSL vulnerability which could allow hackers to perform a Man in the Middle (MITM) attack on traffic passing between Android or Apple devices and potentially millions of websites, by downgrading encryption to a crackable 512-bits.
FREAK – Factoring RSA Export Keys – affects around 36% of all sites trusted by browsers and around 10% of the Alexa top one million domains, according to computer scientists at the University of Michigan.
On the client side it affects many Google and Apple devices – which use unpatched OpenSSL – as well as embedded systems, and “many other software products that use TLS behind the scenes without disabling the vulnerable cryptographic suites,” UMich scientists said in a web post.
The attack, which was originally discovered by Karthikeyan Bhargavan at INRIA in Paris and the mitLS team, effectively exploits an anachronism – the US government policy of the 1990s which placed cryptographic export restrictions at a then-unbreakable 512-bits.
Unfortunately, although such restrictions have since been eased, the backdoor remained in many sites.
Affected servers and clients are those that support RSA export cipher suites or a version of OpenSSL vulnerable to CVE-2015-0204.
If attackers can monitor the traffic flowing between vulnerable devices and websites they could inject code which forces both sides to use 512-bit encryption, which they can then crack in a matter of hours using the power of cloud computing.
It would then be technically pretty straightforward to steal passwords and other information and launch additional attacks against the targeted site.
OpenSSL released a patch to the problem in January, while Apple plans to do so next week and Google has released one to its Android partners.
Website owners around the globe will also be rushing to tweak their servers so that they can no longer be forced to downgrade encryption.
Some major sites including those of the FBI and NSA were said to have been affected.
Andrew Avanessian, EVP of consultancy and technology services at Avecto, argued that the new flaw highlights the dangers of failing to remove outdated technologies as new ones come along.
“Since we can’t predict the future, the best option is to be as secure as technology allows,” he added.
“Organizations should not only be looking at what to add but what to remove as part of a strong patch management and update process. Ultimately, security is a journey not a destination and all aspects need to continuously evolve as you move forward.”
Ollie Whitehouse, technical director at NCC Group, argued that the fact Java is affected will have “long lasting repercussions.”
“According to Oracle’s own statistics, 100% of Blu-Ray players and 125 million televisions ship with Java. That is a huge number of devices that are at risk,” he said.
However, Phil Lieberman, CEO of Lieberman Software, cautioned that the attack is a “more or less a hypothetical threat” requiring a “a sophisticated attacker with a set of tools and technology not in common use.”
“The mechanism described is a valid methodology, but it depends on physical compromise of your connection and a series of lucky coincidences like you running the right browser and hitting the right websites, for now,” he added
“FREAK is a low probability threat, so little needs to be done. If customers are running web sites or embedded systems that they believe might be compromised by nation states using this technique, they will need to upgrade their web servers to use a more modern version of OpenSSL. Similarly, customers may want to also update their browsers to versions that disallow use of ‘weak’ encryption.”