Connect with us

Hi, what are you looking for?

Tech & Science

FREAK security flaw in HTTPS affects Windows too

Dubbed FREAK, short for Factoring Attack on RSA-EXPORT Keys, the bug that has been present in the basic protocol for secure transfer of information across the internet for years was only uncovered this week.
Initially reported as only affecting Android, iOS, OS X and BlackBerry devices, Microsoft revealed today that Windows is also vulnerable.
In a security advisory published on TechNet, Microsoft acknowledged that FREAK could compromise “all supported releases of Microsoft Windows”. FREAK can be used by hackers on windows through a weakness in the company’s Schannel software that implements the secure protocols SSL and TLS for internet transfer.
Scanning site which can detect if the exploit can be run on a device confirmed that Internet Explorer 11 on a fully updated Windows 7 was vulnerable and at risk of being compromised, rejecting previous beliefs that Windows was immune from this security issue.
FREAK makes it possible for external hackers to monitor traffic between compromised web browsers and servers. They can then force the browser to use a weak encryption key to transmit data through the injection of malicious code or pose as the intended website so that data can be intercepted, read and modified. This could include any personal information and passwords used online and also payment details during transactions.
Apple has not yet updated OS X or iOS to protect against the issue. The company has said that it intends to do so next week. Google is also yet to release an update to Google Chrome on Android, despite updating Chrome on Mac.
Microsoft will update Windows in a future security patch. Meanwhile, the severity of FREAK is believed by security researchers to be very high because of the sheer number of websites and servers that rely on HTTPS to communicate with browsers.
In a scan of 14 million HTTPS protected websites by security researchers, 36% of them could be fooled into thinking they were on a secure connection with a client through the use of FREAK.

Written By

You may also like:


Hospital beds line the floor of the Los Angeles Convention Center as Airmen from the California Air National Guard's 146th Airlift Wing set up...


Demand for solar installations is surging across Canada, according to Nicholas Gall, at the Canadian Renewable Energy Association.


Accessing Rio de Janeiro's tourist sites became conditional Wednesday on presentation of a coronavirus vaccine certificate.


China accused the United States of 'creating risks' in the South China Sea after the USS Curtis Wilbur (pictured here in 2018) sailed through...