A group of computer scientists have revealed a dangerous security flaw that could open up many phones and other machines to attack. The worst part is that the problem has its roots in a misguided U.S. government effort to prevent consumers from having access to strong encryption.
The flaw itself comes from poor implementation of the encrypted link created between browsers and the websites that they visit. Researchers discovered that they could launch an attack from supposedly secure websites — ranging from the US government websites to banks — and force browsers to use a weaker form of encryption whose secret keys could be cracked within hours. They call it the FREAK attack (FREAK stands for Factoring RSA Export Keys).
Over at the Washington Post, Craig Timberg describes the results:
For vulnerable sites, [cryptography expert Nadia] Heninger found that she could crack the export-grade encryption key in about seven hours, using computers on Amazon Web services. This would allow hackers to conduct what experts call a "man-in-the-middle" attack to make seemingly encrypted traffic easy to read. Such attacks can be launched by anybody who has access to Internet traffic, including governments, Internet providers and coffee shops or airports that offer wifi hotspots.
But how could so many sites and browsers be vulnerable to such a dangerous attack? The answer is depressing. It's actually the result of U.S. government policies to build weaker encryption into products that the U.S. was exporting in the 1990s. At the Washington Post, Timberg cuts to the heart of the matter:
The flaw resulted from a former U.S. government policy that forbade the export of strong encryption and required that weaker "export-grade" products be shipped to customers in other countries, say the researchers who discovered the problem. These restrictions were lifted in the late 1990s, but the weaker encryption got baked into widely used software that proliferated around the world and back into the United States, apparently unnoticed until this year.
Researchers discovered in recent weeks that they could force browsers to use the weaker encryption, then crack it over the course of just a few hours. Once cracked, hackers could steal passwords and other personal information and potentially launch a broader attack on the Web sites themselves by taking over elements on a page, such as a Facebook "Like" button.
The problem illuminates the danger of unintended security consequences at a time when top U.S. officials, frustrated by increasingly strong forms of encryption on smartphones, have called for technology companies to provide "doors" into systems to protect the ability of law enforcement and intelligence agencies to conduct surveillance.
Essentially, this U.S. policy came back to bite the country in the ass. Weak encryption was sold to Americans by law. And now, nearly every phone out there in the wild is vulnerable to attack. An attack that the U.S. government could have prevented, by allowing for more robust encryption in all products.
The worst part? You generally don't get updates from your carrier for the Android operating system in your phone. So this flaw will likely go unpatched for millions of people. The flaw will affect iOS too, but is far more likely to be patched.
Sadly, the U.S. government is still engaging in policies today that will result in similar security flaws tomorrow. When the NSA asks companies to build backdoors into their software for the government, it will inevitably create a similar problem sooner or later. A backdoor, after all, is just a security flaw designed to be used by the supposed good guys. Unfortunately, they can be exploited by anyone, and deliberately building them into software is only asking for trouble.
If you want to know whether your phone or machine is vulnerable to FREAK, you can visit the Freak Attack site, which will tell you. And Matt Green has a good, technical explanation of how the attack works.
Right now, we're just waiting for updates to patch our phones. Oops, I have an Android phone. I'll be right here, though. Waiting.
Contact the author at annalee@gizmodo.com.
Public PGP key
PGP fingerprint: CA58 326B 1ACB 133B 0D15 5BCE 3FC6 9123 B2AA 1E1A