The FREAK HTTPS exploit: Now even easier, affects 2,000 iOS, Android apps


A few weeks ago, we covered the FREAK (Factoring attack on RSA Export Keys) issue, and how building a backdoor into encryption standards more than twenty years ago is damaging security today. A recent set of announcements has confirmed that the potential for abuse is even higher than we realized.

First, there’s evidence that thousands of servers that still accept the weakened RSA_EXPORT key (9.7% of all servers) often share a modulus. In theory, each 512-bit RSA key should need to be cracked individually, at an estimated cost of about $9,000 in Amazon server cloud time. In practice, modulus values are often shared between servers — as Ars Technica reports, in one case, 28,394 servers were all using the same modulus. This means that an attack against that key opens 28,393 additional doors.

Worse, flaws within the methods that were used to generate the moduli themselves can be exploited to crack the RSA keys even more quickly — researchers working on an eight-core Xeon were able to perform 90 factorizations in under three minutes in less than 2GB of RAM.
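As an added example (not code from the article or from the researchers it cites), here is how an administrator could audit an inventory of their own servers' RSA moduli for the two problems described above: moduli reused across hosts and export-size keys. The shared-prime check is an assumption about one kind of generation flaw, since the article does not say which flaw was used; the host names and toy moduli are constructed.

```python
from collections import defaultdict
from itertools import combinations
from math import gcd

EXPORT_BITS = 512  # RSA_EXPORT key size named in the article

# Constructed inventory: host -> RSA modulus. The small values are toy numbers
# so the sample stays readable; real input would be moduli parsed from your
# own servers' certificates or key exchanges.
INVENTORY = {
    "web-1.example": 101 * 103,
    "web-2.example": 101 * 103,      # same modulus as web-1
    "mail.example": 101 * 107,       # shares the prime 101 with web-*
    "vpn.example": 109 * 113,        # unrelated toy modulus
    "db.example": (1 << 2047) + 1,   # 2048-bit placeholder, not a real key
}

def audit(inventory, export_bits=EXPORT_BITS):
    """Return hosts grouped by each key-hygiene finding."""
    by_modulus = defaultdict(list)
    for host, n in inventory.items():
        by_modulus[n].append(host)

    # One modulus on many hosts: a single compromised key exposes all of them.
    reused = sorted(sorted(h) for h in by_modulus.values() if len(h) > 1)

    # Keys at or below export size must be replaced regardless of reuse.
    weak = sorted(h for h, n in inventory.items() if n.bit_length() <= export_bits)

    # Distinct moduli with a common factor point to a broken key generator
    # (assumed flaw class). Only the affected host groups are reported.
    shared = [
        (sorted(by_modulus[a]), sorted(by_modulus[b]))
        for a, b in combinations(sorted(by_modulus), 2)
        if gcd(a, b) > 1
    ]
    return {"reused_modulus": reused, "export_size": weak, "shared_factor": shared}

if __name__ == "__main__":
    for finding, hosts in audit(INVENTORY).items():
        print(finding, hosts)
```

Any host that appears in a finding should get a freshly generated key of modern size, and the server should stop offering RSA_EXPORT cipher suites.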

But wait, there’s more!

We’ve previously discussed how various browsers in iOS and Android were vulnerable to FREAK-style hacking, but the security team at FireEye has recently surveyed whether the apps on each platform can be hacked with a FREAK-style attack. The team scanned 10,985 popular Android applications with more than one million downloads, and found that 11.2% of them are vulnerable to a FREAK attack. Of those 1,228, 664 use Android’s OpenSSL library and 564 use their own compiled OpenSSL library. Both are vulnerable to FREAK.

On the Apple side, there are fewer applications with vulnerabilities (771 out of 14,079, or 5.5%), but they remain vulnerable to FREAK if the client device is running any OS below iOS 8.2. Of the 771 applications, just seven have their own vulnerable version of OpenSSL, and therefore remain vulnerable even when running on iOS 8.2.


Intercepting application traffic can be a potent way of gaining access to a person’s individual records or data — if nothing else, it captures a username and password that may be shared across multiple accounts. The difficulty of updating all aspects of the platform underscores the need to design robust libraries up front and avoid the use of backdoors. While it’s difficult to secure code, it’s at least plausible to find and squash the most egregious bugs before a product ships. Once devices are in the hands of consumers, it’s next to impossible to patch all the holes — the ecosystems are too large, and too varied.

If you’ve already patched up your browsers, there’s not much more to be done at this point. As things stand, there’s no way to know which iOS or Android applications cause this behavior, though apps that access the Internet through their own browsers or windows are most likely to be a risk. Windows users should make sure they’ve fully patched their systems as well.