
A recently disclosed Internet vulnerability is affecting widely used SSL clients across the web. Experts named it FREAK; this flaw lets malicious code and hackers force servers to downgrade to weakened ciphers. Once this is done, the hackers can easily read the encrypted communications of these weakened servers via Man-In-The-Middle (MITM) attacks. If all that seems a bit difficult, this blog aims to make it easier and explain how the FREAK attack affects you.

FREAK Attack – Apple and Android Browsers at Risk

How did this attack start off?

The origins of this attack lie in the murky world of United States diplomacy and international relations in the early 1980s. A policy at that time forbade the export of software products with strong encryption. As a result, weaker export-grade products were shipped to other countries. While this policy was lifted in the 1990s, this easy-to-breach encryption remained embedded in various software products of the time and was not actively removed until many years later.

While some developers eventually shifted to stronger encryption, this flaw remains inherent in many products. Hackers gradually discovered methods to force servers to switch to this weaker encryption so that they could easily intercept their information with MITM attacks.

Why is this attack referred to as ‘FREAK’?

The name FREAK was coined to stand for “Factoring Attack on RSA-EXPORT Keys”.

What can hackers really do via FREAK?

This attack allows malicious people to intercept web browsers' connections and crack them over a few hours. This would allow the attackers to steal confidential passwords and other vital data, which could in turn lead to various other privacy and security problems. It can also allow attackers to take control of particular elements on web pages.

Right now the FREAK vulnerability mainly affects Apple Safari and Android web browsers. The Google Chrome browser installed on Android phones is not vulnerable. However, the built-in web browser is vulnerable to this attack. Searches carried out on the Google search engine site are also not vulnerable.

Google has announced that it has provided a fix to its partners, i.e. the manufacturers of Android devices. But it ultimately lies in the hands of these OEMs to apply the fix in order to protect their users. Apple is in the process of developing a fix and intends to release it within a week.

How can you learn more about FREAK?

You can find out which websites are affected, and find extra reading on the topic, at freakattack.com. Some popular websites that are affected by this weakness are as follows:

  • Gaana
  • Jabong
  • Business Insider
  • Airtel
  • ZDNet
  • American Express
  • Tiny URL
  • National Geographic
  • Zomato
  • Axis Bank

These and many other well-known websites are vulnerable to FREAK. If you regularly visit and use these websites, you have to be very careful. Experts have also claimed that 35% of browser-trusted websites are vulnerable. This basically means that 1 in 3 sites that you visit could be at risk. Another good source of extra information on FREAK is this blog post as well as a book by Matt Green, who is investigating this defect.
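A server is exposed to the downgrade described above if it still accepts RSA-EXPORT cipher suites. The Python below is an added example, not code from the original post or from freakattack.com: it builds a TLS 1.0 ClientHello that offers only the three RSA_EXPORT suites and reports which one, if any, the server selects. The function names are hypothetical, the suite IDs come from the TLS cipher suite registry, and the probe sends no SNI, so a name-based virtual host may answer with its default site.

```python
import os
import socket
import struct

# RSA_EXPORT suite IDs from the TLS cipher suite registry (512-bit RSA key exchange).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def build_client_hello():
    """TLS 1.0 ClientHello offering only RSA_EXPORT suites (no extensions, no SNI)."""
    suites = b"".join(struct.pack("!H", s) for s in RSA_EXPORT_SUITES)
    body = (b"\x03\x01" + os.urandom(32)              # client_version, random
            + b"\x00"                                  # empty session_id
            + struct.pack("!H", len(suites)) + suites  # cipher_suites
            + b"\x01\x00")                             # compression: null only
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_server_reply(data):
    """Name of the export suite the server selected, or None if it refused."""
    if len(data) < 44 or data[0] != 0x16 or data[5] != 0x02:
        return None                                    # alert, truncated, or not a ServerHello
    off = 44 + data[43]  # record hdr 5 + handshake hdr 4 + version 2 + random 32 + sid_len 1
    suite = data[off:off + 2]
    return RSA_EXPORT_SUITES.get(int.from_bytes(suite, "big")) if len(suite) == 2 else None

def recv_first_record(sock):  # one full TLS record: 5-byte header + declared length
    data = b""
    while len(data) < 5 or len(data) < 5 + struct.unpack("!H", data[3:5])[0]:
        chunk = sock.recv(4096)
        if not chunk:
            break
        data += chunk
    return data

def check_host(host, port=443, timeout=5.0):
    """Return the export suite the server accepts, or None if it rejects them all."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        return parse_server_reply(recv_first_record(sock))

if __name__ == "__main__":
    # Constructed replies (not captured traffic): a ServerHello picking 0x0003, and a fatal alert.
    hello = b"\x16\x03\x01\x00\x2a\x02\x00\x00\x26\x03\x01" + bytes(33) + b"\x00\x03\x00"
    alert = b"\x15\x03\x01\x00\x02\x02\x28"
    print(parse_server_reply(hello), parse_server_reply(alert))
```

A result of `None` from `check_host` means the server rejected every export suite; a suite name means export-grade RSA should be disabled in the server's cipher configuration.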

FREAK comes along at a time when experts all over the globe are struggling with the moral problem of gaining access to people’s personal gadgets and accounts for law enforcement purposes. They are also dealing with the strong encryption implemented by device makers and their reluctance to grant these ‘open doors’ into gadgets.

Trend Micro Antivirus is also investigating this flaw further, and we will be posting updates on FREAK from time to time. Trend Micro Antivirus can also help to clean the registry and fix errors present on the PC.