FREAK Attack?

Another potentially dangerous vulnerability called FREAK (Factoring Attack on RSA-EXPORT Keys) is being true to its name and is freaking out all Android and Apple device users. This SSL/TLS vulnerability has over the years exposed millions of Android and Apple devices to attacks when they visit supposedly ‘secured’ websites, which is what makes it dangerous. A vulnerability management tool can stop this danger.

This vulnerability, tracked as CVE-2015-0204, allows a man-in-the-middle (MitM) attack in which hackers force clients to downgrade connections from ‘strong’ RSA to ‘export-grade’ RSA, or 512-bit RSA, cipher suites. A patch management tool can remediate this CVE.

FREAK is similar to POODLE, which allowed hackers to downgrade the entire SSL/TLS Internet-communication security suite to the weakest possible version. FREAK affects only those SSL/TLS implementations that accept export versions of protocols that use the RSA encryption algorithm. The attack can be carried out when a vulnerable device connects to an HTTPS-protected website.

How you can stay secure:

We encourage all Android and Apple device users to check for top vulnerable websites, and we ask all web server administrators to disable support for export-grade cipher suites and all known insecure ciphers, and to enable forward secrecy.
You can also use an online tool to check whether a website is vulnerable.

At the moment, Windows and Linux end-user devices are not believed to be affected. We will keep you posted if that changes!
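
For administrators following the server-side advice above, this added example (not part of the original post or of any vendor tool) audits the cipher suites a server accepts and groups the ones that are export-grade, FREAK-relevant (512-bit RSA export key exchange), otherwise insecure, or lacking forward secrecy. It assumes OpenSSL-style suite names; the sample list, the `WEAK_TOKENS` set and the function names are constructed for illustration.

```python
# Added example: audit accepted cipher suites against the post's advice.
# Constructed scanner output (OpenSSL-style names), not from any real host.
SAMPLE_ACCEPTED = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "AES256-SHA",
    "EXP-RC4-MD5",
    "EXP-DES-CBC-SHA",
    "EXP-EDH-RSA-DES-CBC-SHA",
    "RC4-SHA",
]

# Assumption of this example: name tokens treated as "known insecure".
WEAK_TOKENS = {"NULL", "RC4", "RC2", "DES", "MD5", "ADH", "AECDH"}
# Export suites whose key exchange is not RSA (so not the FREAK case).
NON_RSA_KX = ("EDH-", "DHE-", "DH-", "ADH-", "KRB5-")
# Ephemeral key exchange prefixes; OpenSSL's TLS 1.3 names (TLS_...) are
# always ephemeral, so they count as forward-secret too.
FS_KX = ("ECDHE-", "DHE-", "EDH-", "TLS_")


def classify(name):
    """Return a set of findings for one OpenSSL-style cipher suite name."""
    findings = set()
    prefix, _, rest = name.partition("-")
    export = prefix.startswith("EXP")
    body = rest if export else name
    if export:
        findings.add("export")
        # 512-bit RSA export key exchange is what FREAK downgrades to.
        if prefix == "EXP" and not body.startswith(NON_RSA_KX):
            findings.add("freak")
    if set(body.split("-")) & WEAK_TOKENS:
        findings.add("insecure")
    if export or not body.startswith(FS_KX):
        findings.add("no_forward_secrecy")
    return findings


def audit(accepted):
    """Group accepted suites by finding; 'pass' is True only if none remain."""
    report = {"freak": [], "export": [], "insecure": [], "no_forward_secrecy": []}
    for name in accepted:
        for finding in classify(name):
            report[finding].append(name)
    report["pass"] = not any(report.values())
    return report


if __name__ == "__main__":
    for key, value in audit(SAMPLE_ACCEPTED).items():
        print(f"{key}: {value}")
```

Any suite listed under `freak` or `export` should be removed from the server's configuration first; the `no_forward_secrecy` list shows what remains to be replaced with ECDHE or DHE suites.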