SecureState Blog


What to do about the new FREAK vulnerability

Recently, a team of cryptographers at INRIA, Microsoft, and IMDEA discovered an SSL vulnerability in OpenSSL and Apple’s SecureTransfer that allows attackers to downgrade the encryption being used from ‘strong’ RSA to ‘export-grade’ RSA. By using a Man-in-the-Middle style attack, attackers intercept communications and are able to trick servers into providing a much weaker encryption key than they otherwise would. With this new vulnerability making the rounds among the various news outlets, SecureState is here to answer some questions you might have about the new vulnerability, known as FREAK.

How can this vulnerability be exploited in an attack?

This vulnerability is exploited using a Man-in-the-Middle (MitM) attack, which involves an attacker positioning himself between the client and the server and intercepting communications between the two. When the client first contacts the server, their device sends a request for a standard or higher grade RSA cipher. Normally, the server would respond with the level requested, and most current software would never request an export grade RSA cipher, as those are considered too weak to be secure. However, to perform this attack, an attacker intercepts the initial request, and instead asks that the server send an export grade cipher. Thinking that this request came from a legitimate client, the server responds and sends the export grade RSA key. The attacker intercepts the key, sending it on to the client unaltered while keeping a copy that he can factor to recover the decryption key, with the factoring being much easier due to the lower strength key. With this decrypted, the attacker can then decrypt the next message from the client, and then basically has full plaintext access to all of the communications between the client and the server.

Figure 1: A basic outline of the MitM attack using the FREAK vulnerability


If export grade RSA is so weak, why is it still available?

Export grade RSA was the result of the US government in the 90s requiring a simplified encryption protocol to be in place for any exported encryption protocol. In short, the government wanted to guarantee that if any international communications took place using that protocol, they would probably be able to break the encryption and access the information contained therein. The problem with this is that it basically made the entire protocol much less secure, and eventually the plan was scrapped, but not before the export grade level encryption was already included in SSL. Despite knowing this, most security-minded people were not too concerned with the availability of export level encryption, as almost all browsers were configured not to request export level encryption. Additionally, the US government does not require this level of encryption any more, and it was believed that export grade RSA was a largely abandoned protocol no longer in use. The researchers found that in many more instances than previously believed, export grade RSA was still available on servers across the web.

What does this vulnerability mean for users?

Basically, certain browsers can be forced to accept the weaker keys, even if they did not initially request them. So if the browser asks for a strong RSA key, it can still be forced to accept a much lower strength export grade key. In the MitM attack above, the client originally requested a much better form of encryption, which was downgraded by the attacker. The browser should not accept this, but currently, several browsers do.
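
The check this paragraph says a browser should make, sketched in Python as an added example (not code from the original post or from any browser or TLS library). It goes slightly beyond the post's simplified description by assuming the weak key arrives as a temporary RSA key in the ServerKeyExchange message; the function names, the `OFFERED` set and the sample ServerHello bytes are constructed for illustration.

```python
import struct

# IANA code points for export-grade RSA key exchange (SSL 3.0 / TLS 1.0 era).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def selected_suite(server_hello: bytes) -> int:
    """Return the cipher suite chosen in a ServerHello handshake message."""
    msg_type, length = server_hello[0], int.from_bytes(server_hello[1:4], "big")
    if msg_type != 2 or length != len(server_hello) - 4:
        raise ValueError("not a well-formed ServerHello")
    body = server_hello[4:]
    sid_len = body[34]                      # follows version (2) + random (32)
    (suite,) = struct.unpack_from("!H", body, 35 + sid_len)
    return suite

def handshake_problems(offered, server_hello, temp_rsa_bits=None):
    """Checks a client should make before using the server's key.

    temp_rsa_bits: modulus size of an RSA key delivered in ServerKeyExchange,
    or None if the server sent no such message (assumed input, see lead-in).
    """
    suite = selected_suite(server_hello)
    problems = []
    if suite not in offered:
        problems.append("server chose a suite the client never offered")
    if suite in RSA_EXPORT_SUITES:
        problems.append("export-grade suite: " + RSA_EXPORT_SUITES[suite])
    elif temp_rsa_bits is not None:
        # A temporary RSA key only belongs to an export-grade key exchange.
        problems.append(f"unexpected {temp_rsa_bits}-bit temporary RSA key "
                        "for a non-export suite")
    return problems

def make_server_hello(suite: int) -> bytes:
    """Constructed sample: TLS 1.0 ServerHello, zero random, empty session id."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    return b"\x02" + len(body).to_bytes(3, "big") + body

# Constructed client offer: TLS_RSA_WITH_AES_128/256_CBC_SHA, no export suites.
OFFERED = {0x002F, 0x0035}
```

A client that aborts the handshake whenever `handshake_problems` returns a non-empty list never uses a key it did not ask for.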

How can users protect themselves against this?

Users should switch their browser to either Google Chrome or Firefox, both of which were found to not be vulnerable to the encryption downgrade. As much as possible, stick to browsing only sites that are not vulnerable to the issue, which can be found here. That link will also test your current browser to see if it is vulnerable. If users have to use a browser or hardware that is weak to this vulnerability (for example Android products or any device running Apple’s Safari browser), contact the manufacturer to request a patch. With as much attention as this vulnerability is getting, it is unlikely that most manufacturers aren’t already working on patches for their software and devices, but it never hurts to put a little extra pressure on them.

As someone running a website, what can I do about this?

Currently, you are mostly at the mercy of the companies that make the vulnerable hardware and software. With many vulnerabilities, the solution is any number of changes in the configuration of the device or software. However, with the FREAK vulnerability being based in the SSL protocol, there is no configuration that can mitigate the problem. You should consult with manufacturers for patch information, and keep all of your devices and software up to date as much as possible. To check if your device or service is vulnerable, you can use the command line information found here.