Wednesday, 4 March 2015
FREAK Attack on Apple and Android Devices

Here we go again... Back in the 90s, the US government thought they were being clever by making it illegal to export software with more than 512 byte encryption keys, which were considered good enough twenty years ago. As a result, websites were designed to step down below 512 if a visitor showed up with a browser that didn't support higher levels of encryption. As it turns out, if you are using a browser that still supports the old encryption level, hackers and bad guys can interrupt the connection between you and, say, your bank right before HTTPS is established and drop it down to a level of encryption that they can crack to get your login credentials. They still have to decrypt your credentials, but today this can easily be done with maybe an hour of computing time.

In particular, this flaw is seen on several mobile browsers including the one on my new Samsung S5, so be sure to check yours before visiting any sites that require a secure login.

The attack, which exploits a flaw in OpenSSL and Apple's SecureTransport that affects some versions of Safari and Android browsers, has been labeled FREAK (Factoring RSA Export Keys).

What can you do?

You can check to see if your web browser is vulnerable by visiting freakattack.com. If it is, you must make sure you don't visit any sites requiring a login until you update the browser.

Also, if you host your website with us, you can be confident in the knowledge that we have our servers fully updated such that your site won't allow the use of old encryption even if a vulnerable browser visits it.
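One way to verify that a server really refuses the old export encryption is to look at how it answers a test handshake that offers only RSA export cipher suites. The sketch below is an added example, not code from this post or from any hosting provider: it parses the server's first TLS record and reports whether an export suite was selected. The function names and the sample records are constructed for illustration.

```python
import struct

# RSA export-grade suites defined in RFC 2246 (TLS 1.0).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def selected_suite(record: bytes):
    """Cipher suite id chosen in a ServerHello record, or None when the
    server answered with an alert record (it refused every offered suite)."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    rtype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if len(body) != rlen:
        raise ValueError("truncated TLS record body")
    if rtype == 0x15:  # alert record
        return None
    if rtype != 0x16 or len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:  # version(2) + random(32) + session_id length(1)
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]  # skip the variable-length session id
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def accepts_export_rsa(record: bytes) -> bool:
    """True if the server's reply selected an RSA export suite."""
    return selected_suite(record) in RSA_EXPORT_SUITES

def build_server_hello(suite: int) -> bytes:
    """Build a minimal TLS 1.0 ServerHello record (constructed test data)."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

# Constructed replies, not captured traffic.
STILL_ALLOWS_EXPORT = build_server_hello(0x0003)
REFUSES_EXPORT = b"\x15\x03\x01\x00\x02\x02\x28"  # fatal handshake_failure

if __name__ == "__main__":
    for name, rec in [("old config", STILL_ALLOWS_EXPORT), ("updated", REFUSES_EXPORT)]:
        print(name, "-> export RSA accepted:", accepts_export_rsa(rec))
```

An updated server should answer such a test handshake with an alert, so `accepts_export_rsa` returns `False` for it.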

If you have any questions about this, a new website design or getting found on search engines, give us a call at 877.397.7605 or contact us for more information.

Posted on 03/04/2015 8:44 AM by Customer Service