New "FREAK" Vulnerability Can Allow Attackers To Decrypt Encrypted Communications

A newly discovered vulnerability, dubbed, “FREAK”, that could allow attackers to intercept and decrypt encrypted traffic between browsers and web sites via a Man-in-the-Middle (MitM) attack, was discovered on March 3rd, 2015 by researchers. Once an attacker has cracked the encryption code, it is possible for the attacker to steal passwords and other sensitive personal information.

This vulnerability has existed since the late 90s, as a forgotten part of the coding within many Google and Apple products. In addition to Google and Apple products, this vulnerability affects the Transport Layer Security (TSL) and Secure Sockets Layer (SSL) security built into the web browser. These security tools are used to encrypt the transmission of data between web browsers and servers (websites). You will know you are using these protocols when you see the HTTPS and padlock in your browser’s URL bar. Hackers can force browsers to use an older, weaker form of encryption that can be cracked to easily decrypt messages.

Apple has stated “We have a fix in iOS and OS X that will be available in software updates next week.” Google also addressed the matter, saying that it has developed a patch for the Android operating system’s browser and has provided it to their partners, which are the companies that manufacture Android devices and are responsible for providing software patches to the operating system.

 

How To Stay Safe From This Vulnerability

Users of Google Android devices are advised to use the Chrome web browser rather than the default Android browser until a patch is issued. Users of Apple desktop and mobile devices should not use the Safari browser until the patch is issued.
Browsers such as Firefox or Chrome are not affected and can be used as a safe alternative.

To see if your favorite websites are affected by this vulnerability, you can use our free tool to check!