FREAK Attack: What You Need to Know

Currently known as ‘FREAK,’ this vulnerability (CVE-2015-0204) allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography. This export-grade cryptography includes out-of-date encryption key lengths that can then easily be decrypted.

This vulnerability does not effect on SSL Certificates and does not require any action related to certificate management.

What Is the FREAK Attack and What Does It Do?

During the 90s, U.S. government set up rules for the export of encryption systems. These rules limited the strength of the RSA encryption keys to a maximum of 512 bits in any Secure Socket Layer (SSL) implementations targeted for export. Eventually the rules changed. The “export” cipher suites stopped being used and by the year 2000 browsers were able to use a higher-security SSL.

This month, a team of researchers revealed that the old export-grade cryptographic suites are still being used. They also discovered that servers with support for these export cipher suites enabled could allow a man-in-the-middle (MITM) to trick clients that support the weak 40- and/or 56-bit export cipher suites into using them and downgrade their connection. That MITM could then use today’s computing power to crack the keys in just a few hours.

The FREAK attack is possible because some servers, browsers, and other SSL implementations still support and use the weaker export-grade cryptographic suites, which lets a MITM force these clients to use export-grade keys even if they didn’t ask for export-grade encryption. Once the encryption of the session is cracked, the MITM can steal any ‘secured’ personal information from the session.

Export-grade cryptographic suites were discovered in OpenSSL and Apple’s SecureTransport (used in Chrome, Safari, Opera, and the Android and the BlackBerry stock browsers), as well as Windows Secure Channel/Schannel (a cryptographic library included in all supported versions of Windows and used in Internet Explorer).

To be vulnerable, the following criteria must be met: The server must support RSA export cipher suites; AND the client must either 1) offer an RSA export suite, 2) be using a vulnerable version of OpenSSL, 3) be using Apple SecureTransport, or 4) be using Secure Channel (Schannel).

What’s the Impact?

As of March 6, 9.5% of the Alexa top 1 million sites are vulnerable, and 36.7% of browser-trusted sites are vulnerable.

Servers that support RSA export cipher suites (e.g., TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, etc) are at risk to having HTTPS connections intercepted.

Vulnerable clients include unpatched versions of the following browsers:

  • Internet Explorer
  • Chrome on Mac OS
  • Chrome on Android
  • Safari on Mac OS
  • Safari on iOS
  • Stock Android Browser
  • Blackberry Browser
  • Opera on Mac OS
  • Opera on Linux

In addition to these browsers, a large number of embedded systems and other software products that use TLS behind the scenes without disabling the vulnerable cryptographic suites are vulnerable.

What Should I Do?

Server-Side
Disable support for all export-grade cipher suites on your servers. We also recommend that you disable support for all known insecure ciphers (not just RSA export ciphers), disable support for ciphers with 40- and 56-bit encryption, and enable forward secrecy.

Client-Side
Vulnerable clients include software that rely on OpenSSL or Apple’s Secure Transport (i.e., Chrome, Safari, Opera, the Android and BlackBerry stock browsers), or Windows Secure Channel/Schannel (i.e. Internet Explorer).