The integrity of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption is the focal point for a newly discovered vulnerability known as Factoring attack on RSA-EXPORT Keys, or FREAK, that could potentially enable attackers to decrypt secured data traffic.
The FREAK vulnerability, also identified as CVE-2015-0204, is a cryptographic weakness that is triggered by use of what is known as export-grade cryptography. It was reported by the miTLS research effort, which is a joint project of INRIA and Microsoft Research.
“This attack targets a class of deliberately weak export cipher suites,” the miTLS researchers stated. “As the name implies, this class of algorithms were introduced under the pressure of US governments agencies to ensure that they would be able to decrypt all foreign encrypted communication, while stronger algorithms were be banned from export (as they were classified as weapons of war). “
The flaw is actually inside the open-source OpenSSL cryptographic library for versions prior to 1.0.1k, and it has already been patched in the upstream open-source project. According to the CVE advisory, the FREAK attack “allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.”
Servers that support the use of the export-grade cryptography are at risk, as well as Google’s Android and Apple’s Safari Web browser.
“We encourage all websites to disable support for export certificates,” a Google spokesperson told eWEEK in an email. “Android’s connections to most websites—which include Google sites, and others without export certificates—are not subject to this vulnerability.”
The Google spokesperson added that Google has also developed a patch to protect Android’s connection to sites that do expose export certs, and that patch has been provided to partners. The miTLS researchers noted in their discussion of the FREAK flaw that they informed the affected vendors, and Apple has advised them that a patch is coming.
The FREAK attack joins a number of vulnerabilities in SSL/TLS that have been revealed in recent years. In October 2014, Google researchers disclosed the POODLE vulnerability in SSL 3.0. Heartbleed, a high-impact flaw in OpenSSL, was disclosed in April 2014. In 2011, the BEAST attack against SSL/TLS, which still impacts approximately 80 percent of sites tested by Qualys Labs’ SSL Pulse service, was disclosed.
The discovery of yet another SSL/TLS vulnerability is not a surprise to Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.
“There are most certainly many more protocol, crypto and certificate vulnerabilities out there lurking,” Bocek said.
Bocek added that SSL/TLS and their associated digital certificates are the foundation of security on the Internet. As a result, regardless of the vulnerability, the basic lesson is the same: SSL/TLS, keys and certificates are too important to be treated with blind trust.
“Heartbleed was just a pinprick and with more sites using encryption and certificates than ever before, the target is getting bigger for the bad guys,” he said. “Their interest in intercepting encrypted traffic, spoofing trusted sites or hiding in encryption is only growing.”
Bocek suggests that for IT security professionals, the right path forward is to not take SSL/TLS and certificates for granted.
“Know what crypto you’re using and know everywhere you have certificates—including out in the cloud and with CDNs [content delivery networks],” he said. “All the vulnerabilities and attacks on SSL/TLS and certificates have shown us that time is up.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
