Servers that use SSL/TLS, Android & Apple devices impacted by FREAK attack
3/6/15 update: It has been discovered that computers running all versions of Microsoft Windows that are supported by Microsoft are vulnerable to FREAK. Windows computers should also be updated as soon as updates are available.
- Stop the presses: HTTPS-crippling “FREAK” bug affects Windows after all (Ars Technica)
- Microsoft Security Advisory 3046015 (Microsoft)
This information was sent to the U-M IT Security Community via email March 4, 2015.
This message is intended for U-M IT staff who are responsible for maintaining and running university servers and workstations, as well as those who provide support for users of Android and Apple (iOS and Mac OS X) devices.
Summary
This vulnerability may, under certain conditions, allow attackers to intercept HTTPS connections between vulnerable clients and servers and decrypt or alter them. This is being referred to as the FREAK attack (Factoring attack on RSA-export Keys). Although the vulnerability is widespread, it is not trivial to conduct a FREAK attack and widespread exploitation appears to be unlikely in the near future.
Android and Apple devices are impacted, and users should install updates when they become available. Those who manage servers that use SSL/TLS and support RSA export keys should take the actions listed below in this message.
Problem
There is a bug in older versions of OpenSSL and Apple's Secure Transport TLS that allows web browsers to accept insecure security keys.
Threats
A secure connection could be forced into accepting an insecure cryptographic key, then becoming vulnerable to a man-in-the-middle attack. The man-in-the-middle attacker can then alter information on the affected website in order to steal passwords and other personal information.
Affected Systems
Detection
- Determine if your website is vulnerable using the SSL Labs' SSL Server Test.
- Visit FreakAttack.com to see if your browser is vulnerable and for a list of affected, vulnerable sites.
Action Items
People responsible for any service that uses SSL/TLS should:
- Review supported ciphers
- Disable insecure ciphers, including the vulnerable RSA Export Keys.
- Patch or upgrade versions of OpenSSL older than:
- OpenSSL 1.0.1k DTLS
- OpenSSL 1.0.0p DTLS
- OpenSSL 0.9.8zd DTLS
People responsible for managing Apple iOS and Mac OS X devices should apply security updates quickly after they become available.
Make changes to test environments and conduct appropriate testing first before making changes to production services.
Technical Details
A person browsing the web on Android devices, or Apple iOS and Mac OS X devices could have a secure connection be vulnerable to a man-in-the-middle attack if a server accepts old and insecure RSA export cipher suites. A bug in OpenSSLversions older than 1.0.1k, 1.0.0p, and 0.9.8zd and Apple's Secure Transport TLS allows connections to be silently downgraded to use the weak RSA export cipher suites rather than newer, secure cipher suites.
Information for Users
If you keep your software and apps up-to-date, you don't need to do anything special to protect your devices from this attack. If you own an Android device, iOS device (iPhone or iPad), or Mac computer, install updates to the OS when they become available.
In general, the best protection for your devices is this:
- Keep your software and apps up-to-date.
- Do not click suspicious links in email.
- Do not open email attachments unless you are expecting them and trust the person who sent them.
- Use a secure Internet connection whenever you connect to the Internet.
For more information, see Spam, Phishing, and Suspicious Email and Instructions for Securing Your Devices and Data on the U-M Safe Computing website.
Questions, Concerns, Reports
Please contact [email protected].
Sincerely,
Sol Bermann,
Interim University of Michigan Chief Information Security Officer
Privacy Officer and IT Policy, Compliance and Enterprise Continuity Strategist
References
- What The FREAK? Why Android And iPhone Users Need To Pay Attention To The Latest Hot Vulnerability (Forbes)
- 'FREAK' flaw undermines security for Apple and Google users, researchers discover (Washington Post)
- Attack of the week: FREAK (or 'factoring the NSA for fun and profit') (Blog: A Few Thoughts on Cryptographic Engineering)
- "FREAK" flaw in Android and Apple devices cripples HTTPS crypto protection (Ars Technica)
- Akamai Addresses CVE 2015-0204 Vulnerability (Blog: Akamai)