FREAK Flaw Leaves Web Sites and Mobile Devices Exposed

Many web sites and mobile devices are at risk of electronic attack thanks to a newly discovered security vulnerability that dates back to the 1990s. Dubbed FREAK, this vulnerability was inadvertently caused by the lifting of strong encryption requirements for products exported from the United States over two decades ago.

FREAK—for “Factoring Attack on RSA-EXPORT Keys”—was discovered by cryptographers at INRIA (the French Institute for Research in Computer Science and Automation), Microsoft Research and IMDEA (Spain). It is a set of vulnerabilities in OpenSSL on the web, and on Android and on Apple systems including iOS, which allow man in the middle attacks similar to those made possible by the Superfish malware that Lenovo was distributing on its PCs. Ironically, this vulnerability is present in many US government sites.

Basically, hackers can downgrade secure encrypted connections to “export-grade” (512 bit) encryption—itself dating back to the 1980s—which is fairly easy to exploit with a brute force attack. The cryptographers were able to crack this weak encryption in just over seven hours using a block of Amazon-hosted virtual machines at a cost of about $100. And this all works because of bugs in modern OpenSSL clients that cause them to accept vulnerable export-grade encryption keys.

Curiously, these bugs are tied to US government policy from the early 1990s: at the time, the United States had strict rules regarding the distribution of encryption products outside the country, and it required companies doing so to deliberately weaken the strength of those keys to 512 bits so that the NSA could still intercept supposed secure communications. Inside the US, companies—and the government—could and did use stronger encryption. But because of this two-tier system, companies built software that could decipher both strong and weak encryption keys.

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

The US eventually lifted its ban on exporting strong encryption—one imagines the NSA simply built stronger computers for thwarting it more quickly—but the software for decrypting those weak export-grade keys has sat untouched ever since. And bugs in that code now let attackers turn off today’s strong encryption in modern technology products and web sites and revert to the 1990’s-era export-grade encryption instead, making those systems vulnerable.

“Encryption backdoors never quite work out the way you want them to,” cryptographer Matthew Green writes in a bog post describing the flaw. “It seems that [export-grade encryption] is supported by as many as 36.7 percent (!!!!) of the 14 million sites serving browser-trusted certifications. The vast majority of these sites appear to be content distribution networks (CDNs) like Akamai. Those CDNs are now in the process of removing export grade suites.”

If you enjoy a bit of irony, it may amuse you to discover that the security researchers who discovered this vulnerability used it to downgrade the encryption on the NSA’s web site to 512 bits. “Since the NSA was the organization that demanded export-grade crypto, it’s only fitting that they should be the first site affected by this vulnerability,” Green explained. The hack only required “a few hours of factoring.”

While there is no evidence that hackers have already exploited the vulnerability, the responsible parties are rushing to make sure it never happens. A patch to the latest version of OpenSSL, which was released in January, negates this vulnerability. Akamai and other CDNs are currently patching their systems. Google has already shipped a patch for Android (though Google Chrome is not vulnerable; these flaws impact the non-Chrome Android web browser). And Apple says it’s working on a fix as well.

But with US and EU lawmakers currently considering a new round of encryption backdoors, especially on mobile devices which are starting to ship from the factory with strong encryption, Green has a bit of advice.

“Encryption backdoors will always turn around and bite you in the ass,” he explains. “They are never worth it.”

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.
Don't leave your business open to attack! Come learn how to protect your AD in this FREE masterclass!REGISTER NOW - Thursday, December 2, 2021 @ 1 pm ET

Active Directory (AD) is leveraged by over 90% of enterprises worldwide as the authentication and authorization hub of their IT infrastructure—but its inherent complexity leaves it prone to misconfigurations that can allow attackers to slip into your network and wreak havoc. 

Join this session with Microsoft MVP and MCT Sander Berkouwer, who will explore:

  • Whether you should upgrade your domain controllers to Windows Server
    2019 and beyond
  • Achieving mission impossible: updating DCs within 48 hours
  • How to disable legacy protocols and outdated compatibility options in
    Active Directory

Sponsored by: