Tech Made Simple

Hot Topics: Holiday Gift Ideas | How to Fix Bluetooth Pairing Problems | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

FREAK Security Flaw Puts Safari, Android Browsers at Risk

by Fox Van Allen on March 04, 2015

Encryption security concept with red open lockSecurity researchers have just discovered an incredibly dangerous security flaw in the Apple Safari and Google Android web browsers that has existed for over a decade, the Washington Post is reporting. The flaw allows for so-called factoring attacks on RSA-EXPORT keys (or FREAK for short) that would allow hackers to intercept and decrypt HTTPS-protected web communications between millions of sites, including AmericanExpress.com and FBI.gov. There is no evidence that hackers are actively exploiting the flaw, setting up a race between security teams at Apple and Google and malicious would-be hackers.

The most frustrating part of this security flaw may be the fact that it is sourced from antiquated government rules forbidding strong cryptography protection. In the 1990s, the Clinton administration required that any software or hardware exported to other countries deliberately weaken their encryption to 512-bit export-grade levels. It was supposed to be strong enough to protect against everyday hackers, but weak enough to allow the NSA to break in. That shortsighted rule has long since been lifted, but vestiges of the 512-bit encryption scheme still live on, hidden inside modern browsers. A man-in-the-middle attacker can request secure traffic to some websites be downgraded to weak export-grade levels, making it far easier for hackers to steal login credentials, intercept online banking transactions and more.

Both Apple and Google are hard at work on a fix for this security issue, due next week or sooner. In the meantime, you’ll want to exercise caution when accessing websites on your mobile device. Don’t use your phone or computer’s default browser to access sensitive content, like an online banking account. For that, use the Firefox browser for PC, Mac, iOS or Android – it appears to be protected against FREAK attacks.

To learn more about the FREAK vulnerability and to test whether the browser you’re currently using is vulnerable, visit the site freakattack.com.

[Lock security concept via Shutterstock]


Topics

Computer Safety & Support, News, Computers and Software, Internet & Networking, Blog


Discussion loading

gravatar

From Michelle Gauvin on March 07, 2015 :: 1:11 pm


what about using google chrome on iphone and mac?

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.