FREAK, a vulnerability that reduces security in Android and Apple users
A group of investigators, named SMACK, have discovered several vulnerabilities in OpenSSL and Apple's TLS/SSL, that could allow a MiTM attack, degrading the security of the connections, moving from a robust RSA encryption to a weak one, called export-RSA with key size 512.
They are affected multiple systems, including Android, Linux, Apple OS and Windows.
References:
- 03/03/2015 washingtonpost.com ‘FREAK’ flaw undermines security for Apple and Google users, researchers discover
- 03/03/2015 cryptographyengineering.com Attack of the week: FREAK (or 'factoring the NSA for fun and profit')
- 03/03/2015 freakattack.com Tracking the FREAK Attack
- 06/03/2015 securityaffairs.co/ Time to make you secure from FREAK Vulnerability
- 06/03/2015 incibe.es Vulnerabilidad en todos los productos Microsoft Windows
- 06/03/2015 cert.org SSL/TLS implementations accept export-grade RSA keys (FREAK attack)