
Security experts are FREAKing out: new OpenSSL vulnerability

Like any good, mind-blowing (for most people) vulnerability, it has a nice name (FREAK), a CVE number (CVE-2015-0204) and a dedicated website.

FREAK – Factoring RSA Export Keys – affects around 36% of all sites trusted by browsers and around 10% of the Alexa top one million domains, according to computer scientists at the University of Michigan.

This time, the vulnerability can allow hackers to perform a man-in-the-middle (MITM) attack on traffic routed between a device that uses the affected version of OpenSSL and many websites, by downgrading the encryption to an easy-to-crack 512 bits (64KB).

A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204.

To be affected, devices must use the vulnerable version of OpenSSL. The problem is that OpenSSL is sometimes embedded in the firmware of the device, as on devices running Apple’s iOS or Google’s Android. This makes patching anything but trivial. While Apple and Google will hurry to patch their devices, the same is not going to happen with embedded devices that have the affected OpenSSL library in firmware burned into a chip.

How is the attack happening?

If an attacker can monitor the traffic flowing between vulnerable devices (that is, running the vulnerable OpenSSL) and websites (that use the same vulnerable OpenSSL), they could inject code which forces both sides to use 512-bit encryption, which they can then crack in a matter of hours using the power of cloud computing.

It would then be technically pretty straightforward to launch a MITM attack by pretending to be the official website.

OpenSSL released a patch to the problem in January 2015, while Apple plans to do so next week and Google has released one to its Android partners.

As you can see, it is not trivial to perform the MITM attack: special skills, a special environment and special tools are required to make use of this vulnerability. This makes FREAK a more theoretical vulnerability. But this doesn’t mean that it is less dangerous.

However, as so many times in the past, good intentions are badly implemented, and the dedicated website is generously helping attackers to find which servers are affected. On that page, the researchers from the University of Michigan have published the top 10K domains listed by website.

Who is affected?

Websites that support RSA export cipher suites (e.g., TLS_RSA_EXPORT_WITH_DES40_CBC_SHA) are at risk of having HTTPS connections intercepted.

You can check whether a website supports RSA_EXPORT suites using the SSL FREAK Check available at this page.
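For auditing your own captures and server configurations offline, the sketch below (an added example, not part of the original post or of any Avira or OpenSSL tool) extracts the cipher suites from a raw TLS ClientHello record and applies the condition stated earlier: the server accepts an RSA_EXPORT suite and the client either offers one or runs the vulnerable OpenSSL. The function names, the `client_openssl_vulnerable` flag supplied by the caller, and the sample ClientHello are assumptions constructed for illustration.

```python
import struct

# RSA key-exchange export suites (IANA code points from the TLS 1.0 registry).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def offered_suites(record):
    """Return the cipher suite IDs offered in one raw TLS ClientHello record."""
    if len(record) < 9:
        raise ValueError("truncated TLS record")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    hlen = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hlen]
    if ctype != 0x16 or record[5] != 0x01 or rlen != hlen + 4 or len(hello) != hlen:
        raise ValueError("not a complete ClientHello handshake record")
    try:
        pos = 2 + 32                       # skip client_version and random
        pos += 1 + hello[pos]              # skip session_id
        (slen,) = struct.unpack_from("!H", hello, pos)
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    raw = hello[pos + 2:pos + 2 + slen]
    if slen % 2 or len(raw) != slen:
        raise ValueError("bad cipher_suites length")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, slen, 2)]

def freak_exposed(server_accepts, client_offers, client_openssl_vulnerable):
    """Server accepts RSA_EXPORT AND (client offers it OR client is unpatched)."""
    server_export = RSA_EXPORT_SUITES.keys() & set(server_accepts)
    client_export = RSA_EXPORT_SUITES.keys() & set(client_offers)
    return bool(server_export) and (bool(client_export) or client_openssl_vulnerable)

def build_sample_hello(suites):
    """Constructed sample input: a minimal TLS 1.0 ClientHello, no extensions."""
    body = (b"\x03\x01" + bytes(32) + b"\x00"
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites) + b"\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    hello = build_sample_hello([0x002F, 0x0008])   # AES128-SHA plus one export suite
    offers = offered_suites(hello)
    print([RSA_EXPORT_SUITES[s] for s in offers if s in RSA_EXPORT_SUITES])
    print(freak_exposed([0x002F, 0x0008], offers, client_openssl_vulnerable=False))
```

The server side of the check is the one an operator controls: once no RSA_EXPORT suite is in the accepted set, `freak_exposed` returns false regardless of the client.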


Avira, a company with over 100 million customers and more than 500 employees, is a worldwide leading supplier of self-developed security solutions for professional and private use. With more than 25 years of experience, the company is a pioneer in its field.