Emerging Threat - FREAK

March 17, 2015 | Garrett Gross

There is quite a buzz around the newly disclosed FREAK (Factoring attack on RSA Export Keys) vulnerability, affecting major browsers, servers, and even mobile devices. When exploited, this vulnerability allows an attacker to force you (or the systems in your environment) to downgrade to a weaker grade of encryption, giving the attacker a better chance of decrypting (and then stealing) your information.

While most major hardware/software vendors and owners of websites have patched this flaw, many are still susceptible to this type of attack. Based on scans done by the University of Michigan team (instrumental in disclosing this flaw), an estimated 36.7% of the 14 million websites offering browser-trusted certificates were vulnerable at the time of disclosure. This includes some high-profile pages like nsa.gov, irs.gov, or even the omnipresent connect.facebook.com (the source of all Facebook “Like” buttons).

The FREAK vulnerability allows:

  • An attacker to intercept your sensitive, encrypted web sessions via a man-in-the-middle attack, putting you and your clients at risk.
  • An attacker to redirect users to malicious sites and harvest credentials, allowing them to pivot, attack your environment directly, and steal your sensitive data (intellectual property).
  • An attacker to force weak encryption, making stealing your data easier.

This vulnerability is widespread, affecting every Windows version, Apple’s mobile and desktop operating systems, and Google Android.

Since the exploitation of this vulnerability relies on forcing you to use weaker encryption, our AlienVault Labs team has released several IDS signatures as well as a correlation rule to identify when vulnerable servers or clients are being forced to offer weak encryption due to the FREAK vulnerability.
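The signatures described above key on the one thing a FREAK downgrade cannot hide from a network sensor: an export-grade cipher suite appearing in the TLS handshake. The following is an added example, not AlienVault's signature code, showing the core of such a detection in Python: it parses a TLS ClientHello or ServerHello record, flags any export suite offered or selected, and rates a server selecting one as higher severity than a client merely offering one. The `build_client_hello`/`build_server_hello` helpers construct sample records for the demonstration and are not real captured traffic.

```python
"""Flag export-grade (FREAK-relevant) cipher suites in TLS Hello messages."""
import struct

# Export-grade suite identifiers from the TLS 1.0 registry (RFC 2246, A.5).
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}

HANDSHAKE = 0x16      # TLS record content type for handshake messages
CLIENT_HELLO = 1      # handshake message types
SERVER_HELLO = 2


def parse_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ClientHello or ServerHello.

    Returns {"type": "client"|"server", "suites": [int, ...]} and raises
    ValueError for anything that is not a well-formed Hello record.
    """
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or len(body) != rec_len:
        raise ValueError("truncated record")
    hs_type = body[0]
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated handshake message")
    # Both Hellos begin: version(2) random(32) session_id_len(1) session_id(n)
    pos = 2 + 32
    sid_len = hello[pos]
    pos += 1 + sid_len
    if hs_type == CLIENT_HELLO:
        cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        raw = hello[pos:pos + cs_len]
        if len(raw) != cs_len or cs_len % 2:
            raise ValueError("bad cipher_suites vector")
        suites = [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, cs_len, 2)]
        return {"type": "client", "suites": suites}
    if hs_type == SERVER_HELLO:
        suite = struct.unpack("!H", hello[pos:pos + 2])[0]
        return {"type": "server", "suites": [suite]}
    raise ValueError("not a Hello message")


def export_suites_in(record: bytes) -> list:
    """Names of export-grade suites present in the Hello (offered or selected)."""
    return [EXPORT_SUITES[s] for s in parse_hello(record)["suites"] if s in EXPORT_SUITES]


def alert_for(record: bytes):
    """Alert severity: a server *selecting* an export suite is the downgrade
    actually happening (HIGH); a client merely offering one is weaker evidence
    of a client that could be downgraded (MEDIUM); None means nothing to flag."""
    info = parse_hello(record)
    if not any(s in EXPORT_SUITES for s in info["suites"]):
        return None
    return "HIGH" if info["type"] == "server" else "MEDIUM"


def _record(hs_type: int, hello: bytes) -> bytes:
    """Wrap a Hello body in handshake and record headers (TLS 1.0 version)."""
    body = bytes([hs_type]) + len(hello).to_bytes(3, "big") + hello
    return bytes([HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(body)) + body


def build_client_hello(suites) -> bytes:
    """Constructed sample ClientHello: zero random, empty session id, null compression."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    return _record(CLIENT_HELLO, hello)


def build_server_hello(suite: int) -> bytes:
    """Constructed sample ServerHello selecting one suite, null compression."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    return _record(SERVER_HELLO, hello)


if __name__ == "__main__":
    # Constructed sample exchange: the client offers a modern suite, a plain
    # RSA suite and an export suite; the server picks the export suite, which
    # is the downgrade a FREAK man-in-the-middle forces.
    for rec in (build_client_hello([0xC02F, 0x002F, 0x0003]), build_server_hello(0x0003)):
        print(parse_hello(rec)["type"], alert_for(rec), export_suites_in(rec))
```

In a real sensor the same logic runs over reassembled TCP payloads on port 443; the severity split matters because a client offering export suites only says it is patch-worthy, while a server selecting one against that client is the event to investigate, and the fix on either side is the same: remove export suites from the configured cipher list and apply the vendor patch.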

You can get more details on the latest USM threat intelligence updates here.

About the Author: Garrett Gross

Garrett Gross has always had an insatiable appetite for technology and information security, as well as an underlying curiosity about how it all works. Garrett has over 15 years of professional experience in information technology, filling several roles: systems administration, network engineering, product marketing, technical support, and helpdesk. In his current role in field enablement, he uses his experience to help managed security service providers be successful in evangelizing and operationalizing AlienVault USM.
