FREAK Vulnerability Affecting iOS and Android Devices



FREAK (Factoring Attack on RSA-EXPORT Keys) is a recently discovered vulnerability that affects iOS and Android devices. It tricks browsers into falling back to outdated encryption standards. This could allow someone sniffing traffic over the wire to decrypt it. A study by researchers at the University of Michigan determined that nearly one third of websites are still vulnerable.

According to www.freakattack.com, the following browsers are still vulnerable:

Internet Explorer
Chrome on Mac OS and Android
Safari on Mac OS and iOS
BlackBerry Browser
Opera on Mac OS and Linux

The vulnerability forces the browser to use a weak 512-bit key, which can be broken within hours. More information on the vulnerability is available at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204.

 

Picture by small_realm on Flickr via CCL 2.0.