Attack of the FREAK Bug

Attack of the FREAK Bug



Do you use an Android or Apple device? Due to the number of these devices that are on the market, after all most people choose either Android or Apple due to their advances in technology, many people are going to be affected by this newly found security bug.

Aptly, the security bug is named FREAK, which stands for “factoring attack in RSA-Export Key”. The bug was found just last week, and understandably, many Android and Apple users are wondering if they are affected.

How Does FREAK Work?

FREAK is somewhat of a man in the middle security issue, according to most professional in the IT field. What FREAK does, is infiltrate those weaker encrypted connections that these devices are using. These weak encryption connections can be found just about anywhere. Luckily, most connections are going to be encrypted to the point that this attack will not happen.

With this being said, the FREAK bug gets a hold of these devices with the weak encryption, and within an hour or so, a middle man has used this connection to get passwords, hack accounts, and steal data.

The Weak Encryption

When the workings of FREAK are understood, most people dismiss this as something that is not going to affect them. However, do not be so fast to make such an assumption. All though it was in the 1990’s that the US government enforced the use of higher encrypted devices and software, there were still devices and products that continue to be shipped to the US that are not meeting these standards. It wasn’t until last year that someone noticed that some of this software was not as strongly encrypted as people would like. And some of this software has been used by both Android and Apple devices. So yes, you can still be at risk.

What Vulnerabilities Have Been Found?

The good news is that some websites, no matter what type of encryption that you have, are still protected enough that you are not going to suffer from the FREAK bug. A complete list of domains that have been found to be affected by FREAK are available via this link.

Some of the domains may surprise you, as there are several websites that have always thought to have been secure and top notch. For example, American Express, Bloomberg, and even National Geographic have all been affected by the FREAK bug.

Apple and Google Comment

Apple spokesperson Trudy Miller has stated:

“Apple is preparing a security patch that will be in place next week for both its computers and mobile devices.”

Google has stated that their computer browsers are not affected, great news for those who use Chrome. However, there are mobile devices that are affected. They have stated:

“There has been a patch developed for the Android operating system’s browser and these have been provided to our partners.”

This basically means that those companies who make Android or sell Android are responsible for getting this patch to the consumers, something that many professionals do not like, as it could take months to get all the patches in place.

What To Do Now

So what do you do for now? Check on the FREAK bug list of infected domains, as well as check to see if your device could be infected. The FREAK Bug website is allowing those who click on the “Client Test” to see if their device is infected. It takes a matter of seconds with a decent Internet connection, and can be the best way to lay your worries to rest.


Leave now a Reply