FREAK (Factoring Attack on RSA-EXPORT Keys, tracked as CVE-2015-0204) is a newly-discovered flaw in SSL/TLS, the technology that is supposed to secure your communications across the net.
The attacker needs to be in the middle of the connection so they can intercept and modify traffic between client and server. The attacker tampers with the initial TLS handshake (the client's ClientHello) so that the server is forced to downgrade the key exchange to an export-grade RSA key of only 512 bits. The intercepted traffic can then be decrypted offline: factoring a 512-bit modulus takes about seven hours with the appropriate hardware, and because many servers reuse the same export key for as long as the process runs, one factoring job typically unlocks every session with that server.
FREAK is similar to last year's POODLE flaw (Padding Oracle On Downgraded Legacy Encryption), which let attackers force a connection down to the obsolete SSL 3.0 and then attack it there. FREAK affects only those SSL/TLS implementations that accept export-grade RSA cipher suites: servers that still offer them, and clients that accept an export key they never negotiated.
Apple responded to the FREAK vulnerability and released a statement that, “We have a fix in iOS and OS X that will be available in software updates next week.”
The flaw enables attackers, including intelligence agencies, to force clients onto older, weaker encryption: the so-called export-grade 512-bit RSA keys. Some vulnerable clients are listed below:
- OpenSSL (CVE-2015-0204): versions before 1.0.1k are vulnerable.
- Chrome: versions before 41 are vulnerable on some platforms. Upgrade to Chrome 41.
- Android Browser: most versions are vulnerable. Use Chrome 41 instead.
- Safari: a patch from Apple is in the process of being deployed.
The flaw resulted from a former U.S. government policy that forbade the export of strong encryption and required that weaker “export-grade” products be shipped to customers in other countries, say the researchers who discovered the problem. These restrictions were lifted in the late 1990s, but the weaker encryption got baked into widely used software that proliferated around the world and back into the United States, apparently unnoticed until this year.
Researchers discovered in recent weeks that they could force browsers to use the weaker encryption, then crack it over the course of just a few hours. Once cracked, hackers could steal passwords and other personal information and potentially launch a broader attack on the Web sites themselves by taking over elements on a page, such as a Facebook “Like” button.
The problem illuminates the danger of unintended security consequences at a time when top U.S. officials, frustrated by increasingly strong forms of encryption on smartphones, have called for technology companies to provide “doors” into systems to protect the ability of law enforcement and intelligence agencies to conduct surveillance.
What to do
Apple says it will be rolling out the update next week.
On Android, use another browser instead of the default Android Browser.
Use https://freakattack.com/ to check if your browser is vulnerable.
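The checks above cover the client side. A practitioner will also want to test their own servers, because FREAK needs a server that still offers RSA_EXPORT cipher suites. The scanner below is an added example, not code from the original article or from freakattack.com: it builds a TLS 1.0 ClientHello that offers only RSA export suites and inspects the reply. The `scan()` helper, the sample responses and all function names are constructed for illustration; the cipher-suite codes are the IANA registry values.

```python
"""Probe a TLS server for RSA_EXPORT support with a hand-built ClientHello."""
import os
import socket
import struct

# 2-byte cipher-suite codes from the IANA TLS registry (the 0x006x entries are
# the draft "EXPORT1024" suites that OpenSSL also shipped).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0060: "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5",
    0x0061: "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5",
    0x0062: "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
    0x0064: "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
}
TLS10 = b"\x03\x01"


def build_client_hello(suites=None) -> bytes:
    """TLS 1.0 ClientHello record offering only the given suites (default: export RSA)."""
    suites = list(suites or RSA_EXPORT_SUITES)
    body = (TLS10 + os.urandom(32)                              # client_version, random
            + b"\x00"                                           # empty session_id
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00")                                      # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16" + TLS10 + struct.pack("!H", len(handshake)) + handshake


def parse_server_response(data: bytes):
    """Cipher suite chosen in a ServerHello, or None for an alert/anything else."""
    if len(data) < 5:
        return None
    content_type, rec_len = data[0], struct.unpack("!H", data[3:5])[0]
    rec = data[5:5 + rec_len]
    if content_type == 0x15:                      # alert, e.g. handshake_failure(40)
        return None
    if content_type != 0x16 or len(rec) < 4 or rec[0] != 0x02:
        return None                               # not a ServerHello
    hs_len = int.from_bytes(rec[1:4], "big")
    sh = rec[4:4 + hs_len]                        # version(2) random(32) sid_len(1) sid suite(2)
    if len(sh) < 35:
        return None
    pos = 35 + sh[34]
    if len(sh) < pos + 2:
        return None
    return struct.unpack("!H", sh[pos:pos + 2])[0]


def offers_export_rsa(response: bytes) -> bool:
    """True if the server agreed to one of the RSA export suites we offered."""
    return parse_server_response(response) in RSA_EXPORT_SUITES


def scan(host: str, port: int = 443, timeout: float = 5.0) -> bool:
    """Live probe (not exercised offline): does host:port negotiate RSA_EXPORT?"""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        return offers_export_rsa(s.recv(4096))


# Constructed sample responses, not captured from any real host.
SERVERHELLO_EXPORT = (b"\x16\x03\x01\x00\x2a"    # record: handshake, TLS 1.0, 42 bytes
                      b"\x02\x00\x00\x26"        # ServerHello, 38-byte body
                      + TLS10 + bytes(32)        # server_version, server random (zeros here)
                      + b"\x00"                  # empty session id
                      + b"\x00\x08"              # TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
                      + b"\x00")                 # null compression
ALERT_HANDSHAKE_FAILURE = b"\x15\x03\x01\x00\x02\x02\x28"  # fatal(2), handshake_failure(40)
```

`scan("example.com")` runs the probe live. A ServerHello naming one of the export suites means the server would hand a FREAK attacker a 512-bit key; a handshake_failure alert, or any other refusal (including a server that no longer speaks TLS 1.0 at all), means the export path is closed on that host.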
How the attack works, step by step:
- In its ClientHello, the client asks for a standard RSA cipher suite.
- The MITM attacker changes this message to ask for ‘export RSA’.
- The server responds with a 512-bit export RSA key, signed with its long-term key.
- The client accepts this weak key even though it never asked for an export suite, due to the OpenSSL/Secure Transport bug.
- The attacker factors the 512-bit RSA modulus offline (hours of work on suitable hardware) to recover the corresponding RSA decryption key.
- When the client encrypts the ‘pre-master secret’ to the server, the attacker can now decrypt it to recover the TLS ‘master secret’.
- From here on out, the attacker sees plain text and can inject anything it wants.
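The following is a toy re-enactment of the exchange just listed (and of the man-in-the-middle description earlier on the page). It is an added example, not code from the original article or from the FREAK researchers, and it is not a TLS implementation: the suite names, the Client/Server scaffolding and the SHA-256 stand-in for the TLS PRF are illustrative assumptions. The "export" key is deliberately only 64 bits so that Pollard's rho factors it in a fraction of a second; a real 512-bit export modulus needs hours of number-field-sieve work. The same code shows the fix: a patched client refuses an export key it never negotiated.

```python
"""Toy FREAK handshake: vulnerable client vs. patched client (added example)."""
import hashlib
import math
import random

RSA_SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA"          # what the client asks for
EXPORT_SUITE = "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"  # what the MITM substitutes
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic Miller-Rabin < 3.3e24


def is_prime(n):
    """Deterministic Miller-Rabin for the small toy moduli used here."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(cand):
            return cand


def pollard_rho(n, rng):
    """Non-trivial factor of composite n: instant for a 64-bit toy key, hopeless
    for a real 512-bit one (that is a number-field-sieve job)."""
    if n % 2 == 0:
        return 2
    while True:
        c, x = rng.randrange(1, n), rng.randrange(2, n)
        y, d = x, 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d


def master_secret(pms):
    """Stand-in for the TLS PRF (assumption; real TLS also mixes in both randoms)."""
    return hashlib.sha256(pms.to_bytes(16, "big")).hexdigest()


class Server:
    """Still offers RSA_EXPORT and, like many 2015 servers, generates one export
    key at start-up and reuses it for every connection."""

    def __init__(self, rng, key_bits=64):
        while True:
            p, q = random_prime(key_bits // 2, rng), random_prime(key_bits // 2, rng)
            phi = (p - 1) * (q - 1)
            if p != q and math.gcd(65537, phi) == 1:
                break
        self.n, self.e, self.d = p * q, 65537, pow(65537, -1, phi)

    def hello(self, offered):
        if EXPORT_SUITE in offered:   # real TLS: temp key is signed with the cert key
            return {"suite": EXPORT_SUITE, "temp_key": (self.n, self.e)}
        return {"suite": RSA_SUITE}

    def recv_premaster(self, ciphertext):
        return pow(ciphertext, self.d, self.n)


def client_key_exchange(offered, server_hello, patched, rng):
    """Return (pre_master, ciphertext), or None if the client aborts the handshake."""
    if server_hello["suite"] != EXPORT_SUITE:
        raise NotImplementedError("only the export path is modelled")
    if patched and EXPORT_SUITE not in offered:
        return None   # the fix: never accept an export key you did not negotiate
    n, e = server_hello["temp_key"]   # vulnerable client: happily uses the weak key
    pms = rng.randrange(2, n)
    return pms, pow(pms, e, n)


def run_freak(client_patched, seed=1):
    rng = random.Random(seed)
    server = Server(rng)
    offered = [RSA_SUITE]                         # 1. client asks for plain RSA
    hello = server.hello([EXPORT_SUITE])          # 2-3. MITM rewrites it; server sends export key
    exchange = client_key_exchange(offered, hello, client_patched, rng)   # 4.
    if exchange is None:
        return {"attack_succeeded": False}
    pms, ciphertext = exchange
    n, e = hello["temp_key"]
    p = pollard_rho(n, rng)                       # 5. attacker factors the export modulus
    d = pow(e, -1, (p - 1) * (n // p - 1))
    recovered = pow(ciphertext, d, n)             # 6. and decrypts the pre-master secret
    return {"attack_succeeded": recovered == pms,  # 7. same keys, so plaintext from here on
            "client_master": master_secret(pms),
            "attacker_master": master_secret(recovered),
            "server_master": master_secret(server.recv_premaster(ciphertext))}
```

`run_freak(client_patched=False)` ends with the attacker, client and server all holding the same master secret; `run_freak(client_patched=True)` aborts at step 4, which is exactly the check the OpenSSL and Secure Transport fixes added. Note that the attacker never touches the server's long-term certificate key: the server signs the weak temporary key itself, so certificate validation passes on the victim's side.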