Security researchers recently discovered a vulnerability in all supported versions of Microsoft Windows that undermines the protection afforded by industry-standard encryption protocols. The flaw, dubbed “FREAK” (Factoring RSA Export Keys), was originally thought to affect only Apple’s Safari and Google’s Android browsers, but it has now been found to affect all versions of Microsoft Windows as well. Specifically, Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are the encryption protocols within Windows that are vulnerable to FREAK.
This vulnerability allows a hacker to forcibly downgrade the cipher suites used in SSL/TLS connections on any Windows client system. The same vulnerability is also present in OpenSSL’s TLS implementation (although newer versions of OpenSSL have already been patched against FREAK), Apple’s SecureTransport library, and the Schannel TLS library that is integrated into Microsoft Windows.
This blog recently covered the ‘Superfish’ adware pre-installed on all Lenovo PCs, a vulnerability that allows hackers to perform a man-in-the-middle (MITM) attack capable of intercepting supposedly encrypted data.
Interestingly enough, FREAK works in a very similar fashion. Once a hacker has established a MITM position, the connection between the client and the destination server can be modified to use a much weaker HTTPS encryption scheme that would normally be red-flagged by the operating system. This weak encryption is known as “export grade” RSA encryption and dates from the 1990s, when the United States required exported encryption to be intentionally weakened. The use of export grade encryption was largely abandoned by 2000, but much of the code remains embedded in popular Web browsers and operating systems.
Modern encryption is nearly impossible to crack without a warehouse full of supercomputers and a lot of time, but export grade RSA encryption can be cracked in a matter of hours by a high-end personal computer. The problem is made worse by the fact that many servers reuse the same RSA key over and over again to save the processing power that would otherwise go into generating a unique key for every client-server session. This means that once a hacker has factored the RSA key, the result can be used to decrypt other sessions without having to crack the key again every time. In other words, once the RSA key has been cracked, no session is safe from the prying eyes of cybercriminals, and any information transferred between a client and the compromised server is viewable by the hackers responsible for the attack. This could include sensitive personal and financial information that could be used for identity theft or online banking fraud.
FREAK shares another similarity with the Superfish vulnerability: once the RSA key has been cracked, it can be used to sign traffic.
This means a malicious website could pass itself off as a trusted third party. Researchers have already demonstrated this by creating a fake NSA.gov website signed with the legitimate RSA encryption key from the actual NSA website. While OpenSSL versions 1.0.1k and above are not affected by this vulnerability, all Windows operating systems, OS X, and the default Android browser remain vulnerable until a patch has been released. This means there is no way to protect your PC from this threat, and great care should be taken when relying on HTTPS connections until a formal patch is available. Microsoft expects to release a security patch this Tuesday to address the issue, but until that patch is released, public knowledge of this vulnerability makes it especially dangerous.