The FREAK vulnerability refers to a weakness in implementations of the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols caused by lingering support for ‘export-grade’ encryption. The name stands for ‘Factoring RSA Export Keys.’
It allows a network attacker to make a vulnerable client use a weaker key exchange than it asked for: RSA with a 512-bit ‘export’ key instead of the server’s full-strength certificate key. RSA moduli of 512 bits or fewer can be factored cheaply today, so the attacker can recover the session keys and read or alter the traffic.
In the sections below, you can find out the essentials about the FREAK vulnerability and how you can make sure you’re protected against it.
What Is the FREAK Attack?
The FREAK vulnerability is a significant security SSL/TLS weakness that has its roots in the 1990s.
Back then, the U.S. government restricted the strength of cryptography in software shipped outside the country: exportable products were limited to cipher suites with RSA keys of at most 512 bits and symmetric keys of 40 bits. These were called ‘export cipher suites.’ The measure was meant to keep strong encryption out of foreign hands, so export software had to employ deliberately weakened cryptography.
The rules were relaxed in 2000 when the U.S. export laws were updated. However, the 1990s-era ‘export-grade’ cipher suites stayed in many SSL/TLS libraries and server configurations. Whatever protection a 512-bit key offered in the early 1990s, today it can be factored in a matter of hours for a modest sum of cloud computing time (the researchers who analysed FREAK did it in roughly seven hours on Amazon EC2 for about $100). This left millions of users exposed to a classic attack scenario: the Man-in-the-Middle attack.
How Do FREAK Vulnerabilities Work?
In essence, FREAK lets an attacker who can intercept HTTPS connections between a vulnerable client and a server that still supports export RSA trick the client into encrypting its session secret to a 512-bit RSA key. This is not the website’s long-term private key: the attacker only has to break the temporary 512-bit export key, and since many servers generated that key once and reused it for the lifetime of the server process, factoring it once paid off for many connections. With it, the attacker can decrypt login cookies, passwords, credit card numbers, and anything else sent over the connection.
The root cause is a client-side bug: the client accepts an ‘export-grade’ 512-bit RSA key from the server even though it never agreed to an export cipher suite. Such keys are far easier to break than present-day key sizes, which defeats the protection the connection appears to have.
How exactly does this work? The attacker sits between client and server and rewrites the client’s Hello message so that it asks for ‘export RSA’ instead of the standard RSA cipher suites the client actually offered. A server that still supports export suites selects one and sends a ServerKeyExchange message carrying a 512-bit export RSA key instead of relying on its full-strength certificate key. That message is signed with the server’s long-term key, so it looks legitimate to the client.
A vulnerable client accepts the weak ‘export-grade’ key and encrypts the TLS ‘pre-master secret’ to it. The Man-in-the-Middle then factors the 512-bit modulus, decrypts the pre-master secret, and derives the TLS ‘master secret’ from it, which yields the symmetric keys protecting the connection (the attacker also needs the master secret to forge the Finished messages on both sides, since the two handshake transcripts no longer match). Afterward, the attacker can read the decrypted traffic and inject content of their choosing into the plaintext stream, for example malicious JavaScript into a web page.
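The exchange described above, as an added toy model for this article (it is not code from the FREAK researchers or from any TLS library). Messages are Python dicts rather than TLS wire bytes, the server’s ‘export key’ is a 32-bit RSA modulus instead of 512 bits so the attacker’s factoring step finishes instantly, and the certificate signature on ServerKeyExchange is stood in for by an HMAC under a server-side secret. The cipher-suite identifiers are the real IANA values; everything else is an assumption of the model.

```python
"""Toy model of the FREAK downgrade: a MITM rewrites the ClientHello to ask for
RSA_EXPORT, the server answers with a signed 512-bit (here: 32-bit) RSA key, and
a vulnerable client accepts it even though it negotiated a strong suite.
Added illustration, not code from any TLS implementation."""
import hashlib
import hmac
import math
import os

# Real IANA cipher-suite IDs.
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F      # strong: premaster encrypted to the certificate key
TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003    # export: 512-bit RSA key sent in ServerKeyExchange
RSA_EXPORT_SUITES = {0x0003, 0x0006, 0x0008}
SERVER_SUPPORTED = {TLS_RSA_WITH_AES_128_CBC_SHA} | RSA_EXPORT_SUITES

# Server's toy "export" RSA key (16-bit primes; a real one had a 512-bit modulus).
P, Q = 65521, 65519
N, E = P * Q, 65537
# Stand-in for the certificate's private key (model shortcut: the client checks the
# same HMAC; in real TLS it verifies an RSA signature against the certificate).
SIGNING_SECRET = b"server long-term key stand-in"


class HandshakeFailure(Exception):
    """Client aborts the handshake."""


def sign(n, e):
    return hmac.new(SIGNING_SECRET, f"{n}:{e}".encode(), hashlib.sha256).digest()


def server_respond(client_hello):
    """Server picks the first offered suite it supports. For an export suite it adds a
    ServerKeyExchange carrying the export RSA key, signed with the long-term key."""
    suite = next(s for s in client_hello["cipher_suites"] if s in SERVER_SUPPORTED)
    ske = {"rsa_export_params": (N, E), "signature": sign(N, E)} if suite in RSA_EXPORT_SUITES else None
    return {"server_hello": {"cipher_suite": suite}, "server_key_exchange": ske}


def client_key_for_premaster(server_msgs, offered, patched):
    """Client processing of ServerHello and ServerKeyExchange.

    Returns the RSA public key the client will encrypt the premaster secret to, or
    None for ordinary RSA key transport with the certificate key. `patched=True`
    models the fix: an RSA export key is only acceptable when an RSA_EXPORT suite
    was actually negotiated."""
    suite = server_msgs["server_hello"]["cipher_suite"]
    if suite not in offered:
        raise HandshakeFailure("server chose a suite we never offered")
    ske = server_msgs["server_key_exchange"]
    if ske is None:
        return None
    n, e = ske["rsa_export_params"]
    if not hmac.compare_digest(sign(n, e), ske["signature"]):
        raise HandshakeFailure("bad ServerKeyExchange signature")
    if patched and suite not in RSA_EXPORT_SUITES:
        raise HandshakeFailure("RSA export key received in a non-export suite")
    return (n, e)                                     # the FREAK bug: weak key accepted


def mitm_handshake(client_hello):
    """Attacker: offer the server only RSA_EXPORT, then rewrite the ServerHello so the
    client believes its own strong suite was chosen. The signed ServerKeyExchange
    is forwarded untouched, so its signature is genuine."""
    server_msgs = server_respond({"cipher_suites": [TLS_RSA_EXPORT_WITH_RC4_40_MD5]})
    server_msgs["server_hello"]["cipher_suite"] = client_hello["cipher_suites"][0]
    return server_msgs


def factor(n):
    """Trial division; stands in for the hours of CPU time a real 512-bit modulus takes."""
    for p in range(3, math.isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("no odd factor found")


def attack_succeeds(patched):
    """Run one downgraded handshake. True if the attacker recovers the premaster secret
    (and with it the master secret and session keys), False if the client aborts.
    Forging the two mismatched Finished messages is omitted; it only needs the
    master secret the attacker now has."""
    offered = [TLS_RSA_WITH_AES_128_CBC_SHA]
    try:
        n, e = client_key_for_premaster(mitm_handshake({"cipher_suites": offered}), offered, patched)
    except HandshakeFailure:
        return False
    premaster = int.from_bytes(os.urandom(3), "big")  # toy size; a real premaster is 48 bytes
    ciphertext = pow(premaster, e, n)                 # ClientKeyExchange
    p, q = factor(n)
    d = pow(e, -1, (p - 1) * (q - 1))
    return pow(ciphertext, d, n) == premaster


if __name__ == "__main__":
    print("vulnerable client, attacker recovers premaster:", attack_succeeds(patched=False))
    print("patched client, attacker recovers premaster:  ", attack_succeeds(patched=True))
```

The one line that matters is the `patched` check in `client_key_for_premaster`: the whole attack hinges on the client failing to tie the ServerKeyExchange it receives to the cipher suite it believes it negotiated.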
Discovery of the Vulnerability
As history shows, the seeds for the FREAK attack were sown two decades earlier by the U.S. government’s export requirements. However, the security community didn’t notice the flaw until 2015, when it was identified by security researcher Karthikeyan Bhargavan and colleagues at the French Institute for Research in Computer Science and Automation (INRIA), working with the miTLS team of the Microsoft Research-INRIA Joint Centre. The IMDEA Software Institute also contributed to the research. The OpenSSL issue was assigned CVE-2015-0204.
The FREAK attack is often compared with the POODLE attack (‘Padding Oracle On Downgraded Legacy Encryption’). POODLE forces client and server to fall back from TLS to the obsolete SSL 3.0 protocol and then exploits a padding oracle in its CBC ciphers. FREAK, by contrast, downgrades the key exchange rather than the protocol version and affects only SSL/TLS implementations that still accept ‘export-grade’ RSA cipher suites.
Some cyber security experts believe the weakness was maintained intentionally by governments to ensure a surveillance ‘backdoor’ for authorities.
After the discovery, researchers established that the FREAK vulnerability had exposed millions of users for years. It affected both Apple and Android devices, through OpenSSL releases prior to 1.0.1k (and the corresponding 1.0.0 and 0.9.8 releases) and Apple’s Secure Transport.
The scale of the vulnerability was thus significant, making it an industry-wide issue with sizable potential for harmful cyber attacks. For example, Android browsers and many other applications use OpenSSL. Apple’s Secure Transport, on the other hand, is used in both iOS and OS X applications, affecting iPhones, iPads, and Macs. Microsoft Windows was also found vulnerable through Secure Channel, also known as Schannel, a security support provider (SSP).
In general, two conditions had to be met for a connection to be vulnerable to the FREAK technique:
- The server has to support RSA cipher suites that were deemed ‘export-grade’ encryption (even if it prefers stronger suites, since the attacker rewrites the client’s offer);
- The client has to run a vulnerable implementation, such as an affected OpenSSL version, Apple Secure Transport, or Windows Secure Channel (Schannel), that accepts an export-grade RSA key although it never offered export cipher suites itself.
Through a scan of 14 million websites, researchers Alex Halderman, Zakir Durumeric, and David Adrian at the University of Michigan found that about 36% of browser-trusted HTTPS sites were vulnerable to the threat. These included the sites of the FBI, Bloomberg, Nielsen, Business Insider, and many more.
OpenSSL, Google, Apple and Microsoft quickly reacted with patches addressing the FREAK vulnerability.
Apple’s product security team shipped updates for both its desktop and mobile operating systems. Safari, which relies on Secure Transport, was fixed by those updates.
Google distributed an Android patch and updated the Chrome browser for Mac. It also encouraged all vulnerable websites to stop supporting ‘export-grade’ cipher suites.
FREAK Vulnerability Security Assessment
CVSS v2 base vector for CVE-2015-0204 (NVD): AV:N/AC:M/Au:N/C:N/I:P/A:N, base score 4.3 (Medium). The moderate rating reflects that the OpenSSL bug on its own only allows tampering with the key exchange; the practical impact comes from combining it with a man-in-the-middle position and factoring the export key.
How to Prevent the FREAK Vulnerability in Your Systems
In the aftermath of the disclosure, the advice was to update affected clients and to disable server support for export cipher suites and all other ciphers whose security is questionable. In OpenSSL’s cipher-string syntax, which Apache’s SSLCipherSuite and nginx’s ssl_ciphers directives use, this means explicitly excluding the EXPORT group (for example ‘!EXPORT:!LOW:!aNULL:!eNULL’) rather than relying on server preference order, because the attacker controls which suites the server sees offered; OpenSSL 1.1.0 and later removed the export suites altogether. Vendors also published specific configuration guidance for default configurations and cipher suite enforcement policies.
You can use our in-depth resource on Secure TLS Configuration to ensure you use only strong cipher suites that are not susceptible to the FREAK threat.
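A quick way to verify that a server no longer negotiates export RSA is to send it a ClientHello that offers nothing but RSA_EXPORT suites and look at the first record it answers with. The probe below is an added example written for this article, not a tool from the original page or from the FREAK researchers; it hand-rolls the TLS 1.0 ClientHello bytes because the Python ssl module, built on modern OpenSSL, can no longer offer export suites at all. The two sample server replies are constructed, not captured from any real host.

```python
"""Probe for export RSA support: offer only RSA_EXPORT cipher suites in a raw TLS 1.0
ClientHello and classify the server's first record. A ServerHello means the server
still negotiates export RSA (FREAK precondition met); a handshake_failure alert
means it refuses. Added example, not the page's tool."""
import os
import socket
import struct

RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
HANDSHAKE, ALERT = 0x16, 0x15          # TLS record content types
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02


def build_client_hello(suites=tuple(RSA_EXPORT_SUITES), version=(3, 1)):
    """TLS 1.0 ClientHello record offering only `suites`, no session id, no extensions."""
    body = bytes(version) + os.urandom(32) + b"\x00"                 # version, random, sid_len=0
    body += struct.pack(">H", 2 * len(suites))
    body += b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                                               # compression: null only
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + bytes(version) + struct.pack(">H", len(handshake)) + handshake


def interpret_response(data):
    """Classify the server's first record. Returns (export_accepted: bool, detail: str)."""
    if len(data) < 5:
        return False, "no or truncated TLS record"
    ctype = data[0]
    length = struct.unpack(">H", data[3:5])[0]
    payload = data[5:5 + length]
    if ctype == ALERT and len(payload) >= 2:
        return False, f"alert level={payload[0]} description={payload[1]} (40 = handshake_failure)"
    if ctype == HANDSHAKE and payload and payload[0] == SERVER_HELLO and len(payload) >= 41:
        # ServerHello: type(1) len(3) version(2) random(32) sid_len(1) sid cipher_suite(2) ...
        sid_len = payload[38]
        suite = struct.unpack(">H", payload[39 + sid_len:41 + sid_len])[0]
        name = RSA_EXPORT_SUITES.get(suite, f"0x{suite:04x}")
        return suite in RSA_EXPORT_SUITES, f"server accepted {name}"
    return False, f"unexpected record type 0x{ctype:02x}"


def probe(host, port=443, timeout=5.0):
    """Send the export-only ClientHello to a live server and classify its reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        return interpret_response(sock.recv(4096))


# Constructed sample replies (not captured from any real server).
# 1) ServerHello selecting TLS_RSA_EXPORT_WITH_RC4_40_MD5: body = version(2)+random(32)+sid_len(1)+suite(2)+compression(1)
_hello_body = b"\x03\x01" + b"\x00" * 32 + b"\x00" + b"\x00\x03" + b"\x00"
SAMPLE_VULNERABLE = (bytes([HANDSHAKE, 3, 1]) + struct.pack(">H", 4 + len(_hello_body))
                     + bytes([SERVER_HELLO]) + len(_hello_body).to_bytes(3, "big") + _hello_body)
# 2) Fatal alert, handshake_failure (40): the server has no export suite in common.
SAMPLE_REFUSED = bytes([ALERT, 3, 1]) + struct.pack(">H", 2) + b"\x02\x28"


if __name__ == "__main__":
    import sys
    for sample in (SAMPLE_VULNERABLE, SAMPLE_REFUSED):
        print(interpret_response(sample))
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
```

Offering only export suites, rather than a mixed list, is deliberate: a server that merely prefers strong suites but still accepts export ones is still exploitable, because in the real attack it never sees the client’s strong offer. The classic equivalent check is `openssl s_client -connect host:443 -cipher EXPORT`, which only works with an OpenSSL build old enough (before 1.1.0) to still contain the export ciphers.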
Is your web app or API truly protected? With Crashtest Security’s powerful Vulnerability Testing Software, you can check for the FREAK vulnerability and similar threats — to determine if your systems are safe.