FREAK flaw leaves Apple and Google users vulnerable

Once again the tech world is abuzz with the news of a security flaw affecting Apple and Google mobile devices. FREAK, which stands for Factoring attack on RSA-EXPORT Keys, is the result of an old US government policy requiring US companies to use weaker “export-grade” encryption methods on devices sold overseas.

FREAK draws some parallels with the Heartbleed flaw of 2014 because it can be exploited by hackers to steal sensitive information from individuals using cloud-based storage services. Although there is no evidence to show that hackers have taken advantage of this flaw, the threat still affects a majority of well-used websites as well as users of the Web browsers on Apple and Google devices.

Researchers have put the blame on an old government policy which required US software developers to use weak encryption when selling software applications to countries overseas. These companies may then proceed to share the weakened encryption back to organizations in the US, thereby causing a ‘butterfly effect.’

Is there any solution in the near future?

The FREAK vulnerability is widespread. The Washington Post states, “More than one third of encrypted Web sites – including those bearing the “lock” icon that signifies a connection secured by SSL technology – proved vulnerable to attack in recent tests conducted by University of Michigan computer science researchers J. Alex Halderman and Zakir Durumeric.”

In a bid to combat the menace of the FREAK flaw, Apple and Google have reportedly set technical teams in place to contain its spread and the potential risk it adds for users of their devices. Apple claims it now has a solution in place to curtail the security flaw, which will be implemented on Friday. As for Google, there is yet to be an official statement confirming a solution for the FREAK flaw.

Our advice at TechSpective is that you limit use of your mobile browsers and watch this space for updates as the story unfolds. Now that FREAK is making headlines, websites, browsers, and mobile devices will all be working frantically to remove remnants of the old weak encryption algorithms.
