The moment you think your computer is safe to use, new security flaws emerge to rock the Internet world, threatening the identity of millions of Internet users. Last year it was Heartbleed and Shellshock, and this year it’s FREAK. The name is an acronym: FREAK stands for Factoring Attack on RSA-EXPORT Keys. The bug affects the SSL/TLS protocols, which are used to encrypt data as it is transmitted over the Internet. It puts at risk the private information you send over the Internet, including your passwords, banking details, and credit card information.
According to FreakAttack.com, a site dedicated to tracking the impact of the attack and helping users find out if they’re vulnerable, the FREAK attack is possible when a vulnerable browser connects to a susceptible Web server, one that accepts “export-grade” encryption.
The flaw allows malicious parties to force servers to automatically downgrade the encryption they use. Once that’s done, the attackers can easily crack all the encrypted communications through advanced Man-In-The-Middle (MITM) attacks. When you use the Internet, your computer and the server agree on how to protect your data. The FREAK flaw, however, manipulates certain software, including Apple’s Secure Transport, into accepting weaker encryption. That weaker encryption can then be cracked by sophisticated hackers to steal your private and confidential data.
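A server-side check for the condition described above, as an added example that is not from the original article: it parses a cipher listing in the column layout of `openssl ciphers -v` and separates RSA export suites, the kind FREAK is named for, from other export-grade suites. The sample listing is constructed, and the layout is assumed to match older OpenSSL builds that still shipped export suites.

```python
import re

# Constructed sample, in the layout assumed for `openssl ciphers -v`
# on older OpenSSL builds that still included export suites.
SAMPLE = """\
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
this line is not cipher output
"""

FIELD = re.compile(r"(Kx|Au|Enc|Mac)=(\S+)")
SIZED = re.compile(r"^([A-Za-z0-9/]+)(?:\((\d+)\))?$")  # e.g. RSA(512)


def parse_line(line):
    """Return a dict for one cipher line, or None if it is not one."""
    parts = line.split()
    fields = dict(FIELD.findall(line))
    if len(parts) < 3 or "Kx" not in fields:
        return None
    m = SIZED.match(fields["Kx"])
    if m is None:
        return None
    bits = int(m.group(2)) if m.group(2) else None
    return {"name": parts[0], "kx": m.group(1), "kx_bits": bits,
            "export": parts[-1] == "export"}


def audit(text):
    """Split export-grade suites into RSA key exchange and everything else."""
    report = {"rsa_export": [], "other_export": [], "skipped": 0}
    for line in text.splitlines():
        if not line.strip():
            continue
        suite = parse_line(line)
        if suite is None:
            report["skipped"] += 1      # unparseable input is counted, not hidden
        elif suite["export"] and suite["kx"] == "RSA":
            report["rsa_export"].append(suite["name"])
        elif suite["export"]:
            report["other_export"].append(suite["name"])
    return report


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty `rsa_export` list means the configuration being audited still offers export-grade RSA suites and should have them removed.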
This newly discovered encryption flaw has left millions of users of Apple’s Safari and Google’s Android browsers vulnerable to hackers. In addition, about five million websites that use older encryption programs like SSL technology are also vulnerable to attack. To stay protected, users should avoid using Wi-Fi Internet services in hotels, airports, coffee shops, and malls.
Apple and Google are also working on security patches to protect their users from attack. Apple is expected to release its security patch for Apple computers and iPhones by next week, while Google has already provided its fix to the manufacturers of Android devices. Now it’s in the hands of OEMs to implement the solution to protect their users.