Apple, Android Hit By FREAK Security Exploit
Won't be long before the same people who said "Android is Linux!" will start saying "Android is not Linux!". Note also someone is saying in the comments:
Quote:"For reference, the Komodia software we covered extensively over the past few weeks used 1024-bit keys and was broken in hours"

That's simply not correct. The private key was hidden in plain sight inside the executable code, and was itself encrypted by a much weaker password, that was arrived at using a dictionary attack...
Quote:A recently announced security flaw, dubbed FREAK (Factoring RSA Export Keys) has significant implications for Android and Apple devices that connect to other websites via HTTPS — and offers an object lesson in why deliberately weakening cryptographic standards to allow for backdoors or other forms of “protection” is such an emphatically bad idea.

To understand the problem, we need to cover a bit of history. Back in the early 1990s, the US government treated cryptography as a matter of national security. This resulted in a split system, in which the US used one level of cryptography for domestic software, but internationally distributed programs might set a different encryption level for programs that would be deployed overseas. Netscape, for example, was distributed in both a 128-bit and a 40-bit version.

This left cryptography standards developers stuck between a rock and a hard place. Any software suite or implementation standard had to be able to support both a “strong” version of a standard and a “weak” version, with the NSA or other governmental agency demanding the “weak” version be available to ensure national security. If you follow security even at the most tangential level, you’re undoubtedly aware that government and industry bodies periodically adopt stronger security standards as cracking methods become more sophisticated and computers become more powerful. Old computer ciphers that would’ve taken decades or centuries to decode when they debuted can now be cracked in minutes, in some cases.

The government eventually lifted most of these requirements, thus allowing foreign connections to be secured by the same methods that domestic software used. Unfortunately, SSL was defined during the time period when these restrictions existed. The largest key US companies were allowed to distribute outside the US was a 512-bit RSA key. For reference, the Komodia software we covered extensively over the past few weeks used 1024-bit keys and was broken in hours; current best practice is to use 2048-bit keys.

Matthew Green, a cryptographer and researcher at Johns Hopkins University, summarizes the problem as follows:

“It turns out that some modern TLS clients — including Apple’s SecureTransport and OpenSSL — have a bug in them. This bug causes them to accept RSA export-grade keys even when the client didn’t ask for export-grade RSA. The impact of this bug can be quite nasty: It admits a ‘man in the middle’ attack whereby an active attacker can force down the quality of a connection, provided that the client is vulnerable and the server supports export RSA.”

Now, none of this would be a problem if export-RSA had actually been phased out on schedule. Remember, we’re talking about a security standard based on requirements that were lifted decades ago; Netscape was developing SSL before some of you were born. (Yes, that’s depressing).

Unfortunately, scans show that the export-RSA standard is apparently still supported by up to 36.7% of the sites serving browser-trusted certifications, including Content Distribution Networks (CDNs) like Akamai. Affected websites include,,, and, but government sites are far from the only sites affected — a full list of the affected Top 10,000 sites is available here. Crack the 512-bit key, and you’ve got a perfect man-in-the-middle scenario.

It turns out, it costs about $104 worth of Amazon EC2 server time to break a 512-bit RSA key, which makes this kind of flaw eminently practical for certain types of targeted attacks. Apple is expected to patch the problem by next week, but Android users are, in Green’s words, “screwed.” Firefox is reportedly protected for both OS X and Android, so concerned users should consider using that browser (Google is patching Chrome for Mac to make it immune as well).

Also, I fucking LOL at this:
Quote:FREAK is an example of how bad security decisions can ripple outwards for decades. The first version of SSL to be publicly deployed, SSL 2.0, launched in 1995 when a Pentium 90 was still a high-end chip. Today, we see government officials in both the US and Britain calling for limited encryption, emphasizing that there’s still a way to support the majority of public security functions while giving law enforcement the ability to break standards, and swearing that such powers will only be used for good.

Don’t believe it.

Attempting to mandate the creation of a deliberately weakened security system inevitably creates flaws and exploits that can be used to attack security infrastructure, often in ways not anticipated by the original backers of the standard. There is no way to mandate weak security that does not compromise a strong system, any more than you can dig a one-way tunnel underneath a castle wall. The only way to avoid these kinds of messes is to stop approving the initiatives that create them.
Yeah, giving law enforcement the option to break encryption by breaking standards is totally wrong, and not giving them the option, thus merely delaying the inevitable breaking of encryption as computer hardware leaps in performance thanks to GPU computing power, is right.
Valve hater, Nintendo hater, Microsoft defender, AMD hater, Google Fiber hater, 4K lover, net neutrality lover.
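To make the bug in Green's quote concrete, here is an added example (not code from the article, from Green, or from anyone in this thread): a toy model of the client-side TLS decision that FREAK exploited, with the buggy behaviour beside the corrected one, plus the server-side check for export suites left in a cipher list. The message classes, the handshake helpers and the 512/2048-bit numbers in the scenario are constructed for illustration; nothing here parses real TLS records.

```python
"""Added example, not code from the article or from anyone in this thread: a toy
model of the client-side TLS decision that FREAK exploited, showing the buggy
behaviour Green describes next to the corrected one. The message classes and
handshake helpers are constructed for illustration; they do not parse real TLS."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Suite names as in the TLS cipher-suite registry.
EXPORT_RSA_SUITES = {
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
MIN_RSA_BITS = 2048  # current best practice, per the article


@dataclass
class ServerHello:
    suite: str  # the suite the client is told was negotiated


@dataclass
class ServerKeyExchange:
    # A temporary RSA key is only legitimate for RSA_EXPORT suites (<= 512 bits).
    rsa_modulus_bits: int


def buggy_client_key(hello: ServerHello, ske: Optional[ServerKeyExchange],
                     cert_bits: int = 2048) -> int:
    """Modulus size (bits) the buggy client encrypts the premaster secret with.

    The defect: whenever a ServerKeyExchange arrives, the client uses the
    temporary key it carries, without checking that it negotiated an export
    suite. A plain-RSA suite should never carry a ServerKeyExchange at all."""
    if ske is not None:
        return ske.rsa_modulus_bits
    return cert_bits


def fixed_client_key(hello: ServerHello, ske: Optional[ServerKeyExchange],
                     cert_bits: int = 2048, min_bits: int = MIN_RSA_BITS) -> int:
    """Same decision with the checks a correct client makes; raises to abort."""
    if hello.suite in EXPORT_RSA_SUITES:
        raise ValueError("export suite negotiated; policy forbids export RSA")
    if ske is not None:
        # RSA key exchange takes the key from the certificate; an unexpected
        # ServerKeyExchange is a handshake violation, not a key to use.
        raise ValueError("unexpected ServerKeyExchange for non-export RSA suite")
    if cert_bits < min_bits:
        raise ValueError(f"server RSA key too small: {cert_bits} < {min_bits}")
    return cert_bits


def handshake_under_downgrade(offered: List[str]) -> Tuple[ServerHello, Optional[ServerKeyExchange]]:
    """Messages the client observes in the downgrade the article describes: the
    server, asked for export RSA by a rewritten ClientHello, sends a 512-bit
    temporary key, while the client is shown a ServerHello naming a suite it
    actually offered. Constructed scenario, not captured traffic."""
    return ServerHello(suite=offered[0]), ServerKeyExchange(rsa_modulus_bits=512)


def honest_handshake(offered: List[str]) -> Tuple[ServerHello, Optional[ServerKeyExchange]]:
    """Unmodified handshake for a plain-RSA suite: no ServerKeyExchange."""
    return ServerHello(suite=offered[0]), None


def server_offers_export(configured_suites: List[str]) -> List[str]:
    """Server-side check: export suites left in a server's cipher list are what
    keep the downgrade possible (the 36.7% of sites in the article)."""
    return sorted(set(configured_suites) & EXPORT_RSA_SUITES)


def compare(offered: List[str]) -> Tuple[int, str]:
    """Key size the buggy client ends up with, and what the fixed client does."""
    hello, ske = handshake_under_downgrade(offered)
    buggy_bits = buggy_client_key(hello, ske)
    try:
        fixed_client_key(hello, ske)
        fixed = "accepted"
    except ValueError as err:
        fixed = f"aborted: {err}"
    return buggy_bits, fixed


if __name__ == "__main__":
    print(compare(["TLS_RSA_WITH_AES_128_CBC_SHA"]))
    print(server_offers_export(["TLS_RSA_WITH_AES_128_CBC_SHA",
                                "TLS_RSA_EXPORT_WITH_RC4_40_MD5"]))
```

The point the model makes: the buggy client ends up encrypting its premaster secret to a 512-bit key it never asked for, which is exactly the key the article prices at about $104 of EC2 time, while the fixed client aborts on the unexpected ServerKeyExchange before any secret is sent. On the server side, the only durable fix is removing every RSA_EXPORT suite from the cipher list, which is what `server_offers_export` flags.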
Update: Windows is hit too:
