Freak SSL

What is Freak SSL Flaw and How can it be Prevented

March 13, 2015 | By Editor 

What is Freak SSL Flaw?

A new vulnerability called the Freak SSL Bug has been identified by the security experts. FREAK stands for Factoring Attack on RSA-EXPORT Keys. The Freak SSL was developed to attack the Transport security Layer (TLS) and Secure Sockets Layer (SSL) protocols that is used to encrypt sensitive data that is transmitted over the Internet. All the information, like banking passwords, credit and debit card information, login credentials that are communicated over the unencrypted network are highly at a potential risk of data loss. It performs a man-in-the-middle attack over encrypted connections that has been outdated. Microsoft’s Windows platform users with OpenSSL are the victims of the Freak SSL vulnerability.

The Freak SSL helps the hackers to seize HTTPS traffic and weakens the encryption of the communication between the server and the client. The Freak vulnerability exploits the servers that supports low graded keys are used. This probes the hacker to monitor and manage the weak connection of the victim’s server. The Freak SSL works something in similar to Heartbleed. The bug permits the hackers to secretly study and analyze about the key that is valid only for a particular communication session with the server.

When the user is communicating or performing any other means of transaction over the internet, trusting that your server is protecting your data at its best, the Freak SSL comes to change the plot. The Freak SSL flaw controls the Secure Transport software by directing them to accept the weaker encryption program. This creates a loop hole in the secure transaction and allows the hackers to sneak into the victim’s data.

The Freak SSL technique is much used by China for the purpose of spying their citizen’s communication over the internet within the country. Users can be easy vulnerble to the Freak SSL Flaw when they use airport Wi-Fi, hotel Internet services or Wi-Fi at your mall or coffee shop.

The Freak SSL flaw has not affected all the browsers. The older version of Android browser are still vulnerable to the Freak SSL flaw. It has also been found that about 5 million websites that are using the outdated version encryption are prone to this vulnerability. Most of the websites that uses SSL technology which provides a padlock icon on the address bar to ensures that the users are secured. Such SSL technology cannot be trusted as it is also prone to Freak SSL flaw.

The impact of Freak SSL flaw is widespread. All the outdated systems and those that are unpatched are vulnerable. SSL/TLS library of the Microsoft corp, called the Schannel has also been found to be vulnerable. Hence the Microsoft users were called on to disable ciphers with RSA key exchange, as it is yet to release its security patch to fix the flaw. Firefox is not prone to the flaw, while Google Chrome has come out with security fixes only for the desktop variant. Safari that works on OSX platform and iOS is ready with its security patches to fix the bug.

How to prevent Freak SSL Flaw

  • Users should be updated on the newer versions of the software they use. This up gradation will help them to stay away from Freak SSL threats and dangers that are designed to attack the outdated software.
  • Users should strictly implement the use of the advanced form of security measures to avoid the malicious attacks like Freak SSL flaws
  • It is also advised for the users to install an SSL Certificate from a genuine and authenticated Certificate authority like Comodo SSL Certificate Authority.

SSL Certificates

Posted in Freak SSL

Be Sociable, Share!

Leave a Comment


* fields are mandatory