FREAK (Factoring RSA Export Keys): Vulnerability Forces Weaker Encryption

According to the FREAK attack tracking website, an HTTPS connection is vulnerable "if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204".

Recall last year's disastrous POODLE flaw, which allowed the security of an entire SSL/TLS connection to be downgraded to its weakest level.

Even before POODLE, and now FREAK, there was the Heartbleed flaw in OpenSSL.

FREAK is similar to these attacks in that it also exploits vulnerabilities in OpenSSL to downgrade secure connections from "strong" RSA to "export-grade" RSA cryptography, allowing cybercriminals to intercept and decrypt traffic and gain access to personal information.


A vulnerable client, such as your web browser or a smartphone app, starts talking to a server running HTTPS and sends the list of encryption algorithms and key lengths it supports and prefers; these are meant to be strong ciphers with long keys.

An attacker positioned as a man-in-the-middle, able to intercept traffic between the client and the server, can tamper with that message so that it says the client only wants weak export-grade encryption keys, for example a 512-bit RSA key.

Due to bugs in OpenSSL and Secure Transport, the server replies with a weak key, the client accepts it, and the encrypted session proceeds on that key.

An attacker can rent computing time from a cloud provider and factor such a key for around $100 in about half a day.

An analysis of the attack by Assistant Research Professor Matthew Green of Johns Hopkins University's Information Security Institute in Maryland summarizes the situation thus:

1. In the client's Hello message, it asks for a standard 'RSA' ciphersuite.
2. The MITM attacker changes this message to ask for 'export RSA'.
3. The server responds with a 512-bit export RSA key, signed with its long-term key.
4. The client accepts this weak key due to the OpenSSL/SecureTransport bug.
5. The attacker factors the RSA modulus to recover the corresponding RSA decryption key.
6. When the client encrypts the 'pre-master secret' to the server, the attacker can now decrypt it to recover the TLS 'master secret'.
7. From here on out, the attacker sees plaintext and can inject anything it wants.
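The downgrade in steps 1 to 4 is visible on the wire: the ServerHello selects an export-grade RSA suite, and a sensor near the client sees that suite chosen even though the original ClientHello never offered it. The following is an added example, not code from the original post; it parses constructed ClientHello and ServerHello records (fixed randoms, no extensions) and classifies the handshake the way a passive detector would. The export suite IDs are from the IANA TLS cipher suite registry.

```python
import struct

# Export-grade RSA key-exchange suites from the IANA TLS registry: the suites FREAK relies on.
EXPORT_RSA_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F  # a "standard" RSA suite used in the constructed samples

def parse_handshake(record):
    """Return (handshake_type, body) from one TLS record carrying a single handshake message."""
    content_type, _version, length = struct.unpack("!BHH", record[:5])
    if content_type != 0x16 or len(record) < 5 + length:
        raise ValueError("not a complete TLS handshake record")
    hs = record[5:5 + length]
    return hs[0], hs[4:4 + int.from_bytes(hs[1:4], "big")]

def _after_session_id(body):
    """Both Hello bodies start with version(2) random(32) session_id_len(1) session_id."""
    return 35 + body[34]

def client_hello_suites(body):
    pos = _after_session_id(body)
    n = struct.unpack("!H", body[pos:pos + 2])[0]  # byte length of the cipher_suites vector
    return [struct.unpack("!H", body[pos + 2 + i:pos + 4 + i])[0] for i in range(0, n, 2)]

def server_hello_suite(body):
    pos = _after_session_id(body)
    return struct.unpack("!H", body[pos:pos + 2])[0]

def classify_handshake(client_record, server_record):
    """'ok', 'export-offered' (client is FREAK-vulnerable), 'export-negotiated', or
    'freak-pattern' when the server picked an export suite the client never offered."""
    ctype, cbody = parse_handshake(client_record)
    stype, sbody = parse_handshake(server_record)
    if ctype != 1 or stype != 2:
        raise ValueError("expected a ClientHello followed by a ServerHello")
    offered, chosen = client_hello_suites(cbody), server_hello_suite(sbody)
    if chosen in EXPORT_RSA_SUITES:
        return "freak-pattern" if chosen not in offered else "export-negotiated"
    return "export-offered" if any(s in EXPORT_RSA_SUITES for s in offered) else "ok"

# Constructed sample messages (fixed randoms, empty session id, no extensions); not real captures.
def _record(hs_type, body):
    header = b"\x16\x03\x01" + struct.pack("!H", 4 + len(body))
    return header + bytes([hs_type]) + len(body).to_bytes(3, "big") + body

def build_client_hello(suites):
    body = b"\x03\x03" + b"\x11" * 32 + b"\x00" + struct.pack("!H", 2 * len(suites))
    return _record(1, body + b"".join(struct.pack("!H", s) for s in suites) + b"\x01\x00")

def build_server_hello(suite):
    return _record(2, b"\x03\x03" + b"\x22" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00")
```

Running `classify_handshake(build_client_hello([0x002F]), build_server_hello(0x0003))` reproduces the tampered exchange from the list above and returns `"freak-pattern"`.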

How to downgrade the SSL version

For the practical demonstration, I am taking the website,
You can see in the image below that before the MITM attack over SSL, the website was running on the higher TLS version, TLS 1.2; that is, the SSL connection between the browser and the server was encrypted with TLS 1.2.


But after the man-in-the-middle attack, the SSL connection between the browser and the server is encrypted with the lower version, TLS 1.0.

Popular Sites Affected

According to reports, 37% of browser-trusted sites are affected by this flaw. Affected sites include Bloomberg, Business Insider, ZDNet, HypeBeast, Nielsen, and the FBI. It bears stressing that country-specific sites were also affected.

Microsoft has confirmed that all versions of Windows are vulnerable. Red Hat confirmed that versions 6 and 7 of Red Hat Enterprise Linux (RHEL) are vulnerable as well. Browsers vulnerable to FREAK include Internet Explorer, Opera (Mac OS X / Linux), and Safari.

Addressing the FREAK Flaw

OpenSSL provided a patch for CVE-2015-0204 in January. Apple is reportedly deploying a patch for both mobile devices and computers.

Android users are advised to refrain from using the default Android browser on their devices; they can use the Google Chrome app instead, as it is not affected by the bug. Furthermore, connections to the Google search site are not affected.


HACKARDE © 2011 | Designed by HrDe