Are we really secure while browsing on our Google or Apple devices? Millions of people may have been left vulnerable to hackers while surfing the web. A group of computer scientists has revealed a dangerous security flaw, called the Freak attack, that could open up many phones and other machines to attack. Researchers blame the problem on an old, misguided U.S. government restriction from the early 1990s, which required US software makers to use weaker security in encryption programs sold overseas due to national security concerns. Netscape, for example, was distributed in both a 128-bit and a 40-bit version. The flaw has significant implications for Android and Apple devices that connect to websites via HTTPS.
The flaw stems from the weak cryptographic standards used between browsers and the websites they visit. The Freak attack can be launched from secure websites, possibly those of some banks, or from any US government website. It forces the browser to use weaker encryption. Because the encryption is poor, secret keys can be cracked easily and within a short span of time. Once the keys are cracked, hackers could steal passwords and other personal information and potentially launch a broader attack on the websites themselves. The computer scientists named it the Freak attack; the name stands for Factoring RSA Export Keys.
Christopher Soghoian, the principal technologist for the ACLU, said, “You cannot have a secure and an insecure mode at the same time. What we’ve seen is that those flaws will ultimately impact all users.”
Apple said its fix will be available next week, and Google said it has provided an update to device makers and wireless carriers. Matthew Green, a computer security researcher at Johns Hopkins University, said that a number of commercial website operators are also taking corrective action after being notified privately in recent weeks.