Friday, March 6, 2015

Don't freak out over FREAK attacks.



On Tuesday, March 3, 2015, researchers announced a new SSL/TLS vulnerability called a FREAK attack. It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data.

Everyone thought FREAK was “only” a problem for Android, iOS and OS X users, not for current versions of Windows. Microsoft on Thursday issued a security advisory acknowledging a vulnerability in all versions of Windows that could allow FREAK exploits. "The vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique." Windows systems previously were thought to be immune to FREAK attacks.

With Windows added, the list of phones, tablets and other devices vulnerable to FREAK now includes almost all of them. These sites can help web site sysops test whether they’re vulnerable.

Don't freak out over FREAK attacks. Chrome for Windows and all versions of Firefox are safe. Browsers are vulnerable to the FREAK attack because of a bug that allows an attacker to force them to use weak encryption. More browsers are vulnerable to the FREAK attack than was initially thought when the attack was announced, including:
Internet Explorer
Chrome on Mac OS (Patch available now)
Chrome on Android
Safari on Mac OS (Patch expected next week)
Safari on iOS (Patch expected next week)
Stock Android Browser
Blackberry Browser
Opera on Mac OS
Opera on Linux

You can test your browser here:
https://freakattack.com/clienttest.html

The designers of SSL created a negotiation mechanism that would identify the best cipher both parties could support, according to cryptographer Matthew Green.

Most modern clients, such as Web browsers, won't offer the export grade cipher suites, and it was believed that few servers offered those weak suites.

However, some modern TLS clients such as Apple's SecureTransport and OpenSSL have a bug that lets them accept RSA export-grade keys whether or not the client asks for them.
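As an added illustration of the negotiation rule described above (not code from the original post or from any of the projects it names), this Python example parses a ClientHello/ServerHello pair and reports when an RSA export suite is offered or selected, or when the server selects a suite the client never offered. The sample records are constructed, the function names are hypothetical, and the check does not inspect the RSA key size sent later in the handshake.

```python
# IANA code points of the RSA export-grade cipher suites.
RSA_EXPORT = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def _after_session_id(record, msg_type):
    """Return (handshake body, offset just past session_id) for one hello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != msg_type:
        raise ValueError("not the expected TLS handshake message")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    if len(body) < 35 or len(body) < 35 + body[34] + 2:
        raise ValueError("truncated hello")
    return body, 35 + body[34]  # 2 version + 32 random + 1 length byte + session_id

def offered_suites(client_hello):
    body, pos = _after_session_id(client_hello, 0x01)
    n = int.from_bytes(body[pos:pos + 2], "big")
    raw = body[pos + 2:pos + 2 + n]
    if n % 2 or len(raw) != n:
        raise ValueError("bad cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def selected_suite(server_hello):
    body, pos = _after_session_id(server_hello, 0x02)
    return int.from_bytes(body[pos:pos + 2], "big")

def check_negotiation(client_hello, server_hello):
    offered, chosen = offered_suites(client_hello), selected_suite(server_hello)
    findings = []
    if any(s in RSA_EXPORT for s in offered):
        findings.append("client offers export-grade RSA")
    if chosen in RSA_EXPORT:
        findings.append("server selected " + RSA_EXPORT[chosen])
    if chosen not in offered:
        findings.append("selected suite 0x%04x was never offered" % chosen)
    return findings

def build_sample(msg_type, suites_field, compression):
    """Build a constructed (not captured) hello record with an empty session_id."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + suites_field + compression
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

# Constructed samples: a client offering two non-export RSA suites, and two server replies.
CLIENT = build_sample(1, b"\x00\x04\x00\x2f\x00\x35", b"\x01\x00")
SERVER_OK = build_sample(2, b"\x00\x2f", b"\x00")
SERVER_EXPORT = build_sample(2, b"\x00\x03", b"\x00")
```

An empty result from `check_negotiation(CLIENT, SERVER_OK)` means the pair follows the rule; the `SERVER_EXPORT` reply produces two findings.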

"The FREAK flaw allows for feasible decryption of SSL keys in hours using a man-in-the-middle proxy to trick a Web server to use weak encryption rather than the strongest available for the client browser." The attack "could be used to decrypt users' names and passwords as well as other sensitive data that users think is protected by SSL," according to Philip Lieberman of Lieberman Software.


Mozilla.org has a configuration guide for TLS on web servers here:

Mozilla.org also has an SSL Configuration Generator here:
