Researchers Find New 'FREAK' Security Flaw, Apple Says Fix Coming Soon
Researchers have recently uncovered a major security flaw in software created by companies like Google and Apple, leaving many devices vulnerable to hacking attempts, reports
The Washington Post. Called "FREAK" (Factoring Attack on RSA-EXPORT Keys), the vulnerability stems from a U.S. government policy that once prevented companies from exporting strong encryption, requiring them to instead create weak "export-grade" products to ship to customers outside of the United States.
These restrictions were lifted more than a decade ago, but the weaker encryption has continued to be used by software companies as a result of the old policy and it has even been built into software in the U.S. The existence of lingering "export-grade" encryption was unnoticed until this year, when researchers found they could force browsers to use lower-grade 512-bit encryption and then crack it.
Hackers could potentially employ the same tactic, cracking weak encryption and then stealing passwords and other information. Researchers also believe the vulnerability could be used to launch attacks on and infiltrate major websites. In testing, the export-grade encryption key was breached in seven hours using computers and more than a quarter of encrypted sites were found to be vulnerable.
"We thought of course people stopped using it," said Karthikeyan Bhargavan, a researcher at the French computer science lab INRIA whose team initially found the problem during testing of encryption systems.
Nadia Heninger, a University of Pennsylvania cryptographer, said, "This is basically a zombie from the '90s... I don't think anybody really realized anybody was still supporting these export suites."
As pointed out by
The Washington Post, the FREAK vulnerability is an example of the problems that can arise when the government gets involved in device security. Government officials have
recently expressed concern over the privacy features that Apple and Google have been building into their smartphones in response to outrage over secretive government surveillance programs
like PRISM.
FBI Director James Comey has made remarks suggesting Apple and Google should scale back encryption, as government access to electronic devices is necessary in some cases. He has said that it may matter a "great, great deal" that the government be able to infiltrate the device of a kidnapper, criminal, or terrorist.
The researchers who discovered the flaw have notified government sites and major technology companies to fix the issue before it became widely publicized. FBI.gov and Whitehouse.gov have been fixed, and according to Apple spokeswoman Trudy Miller, Apple is preparing a security patch that will be "in place next week for both its computers and its mobile devices."
Recent Mac and iOS Blog Stories •
AT&T Modio LTE Case for Wi-Fi iPad Mini Launches March 20 for $49.99 with Contract •
Pebble Introduces 'Pebble Time Steel' Following Successful Kickstarter Campaign •
iCloud Photo Library: What You Need to Know •
Google's New Take on Mobile Payments Puts Focus on Developers With Android Pay •
IBM Expands MobileFirst for iOS Portfolio With Three New Apps •
Next-Generation iPhones Said to Feature Force Touch, Lack Dual-Lens Camera System •
SanDisk Announces 128GB iXpand Flash Drive and Updated Sync App With Touch ID •
Apple Watch Debut in 'Style' Suggests Space Gray Pricing May Start at $349<img width='1' height='1' src='
http://rss.feedsportal.com/c/35070/f/648327/s/43ff72e9/sc/21/mf.gif' border='0'/><br clear='all'/>
<a href="
http://da.feedsportal.com/r/222166771283/u/49/f/648327/c/35070/s/43ff72e9/sc/21/rc/1/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/222166771283/u/49/f/648327/c/35070/s/43ff72e9/sc/21/rc/1/rc.img" border="0"/>[/url]
<a href="
http://da.feedsportal.com/r/222166771283/u/49/f/648327/c/35070/s/43ff72e9/sc/21/rc/2/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/222166771283/u/49/f/648327/c/35070/s/43ff72e9/sc/21/rc/2/rc.img" border="0"/>[/url]
<a href="
http://da.feedsportal.com/r/222166771283/u/49/f/648327/c/35070/s/43ff72e9/sc/21/rc/3/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/222166771283/u/49/f/648327/c/35070/s/43ff72e9/sc/21/rc/3/rc.img" border="0"/>[/url]
<img src="[url]http://da.feedsportal.com/r/222166771283/u/49/f/648327/c/35070/s/43ff72e9/sc/21/a2.img" border="0"/>[/url]<img width="1" height="1" src="
http://pi.feedsportal.com/r/222166771283/u/49/f/648327/c/35070/s/43ff72e9/sc/21/a2t.img" border="0"/><div class="feedflare">
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img>[/url]
</div><img src="//feeds.feedburner.com/~r/MacRumors-Front/~4/VT73Z-pS708" height="1" width="1" alt=""/>
Source:
Researchers Find New 'FREAK' Security Flaw, Apple Says Fix Coming Soon
