Security experts have discovered a potentially catastrophic flaw that for more than a decade has made it possible for attackers to decrypt HTTPS-protected traffic passing between Android or Apple devices and hundreds or thousands or millions of websites, including AmericanExpress.com, Bloomberg.com, NSA.gov, and FBI.gov.
In recent days, a scan of more than 14 million websites that support the secure sockets layer or transport layer security protocols found that more than 36 percent of them were vulnerable to the decryption attacks. The exploit takes about seven hours to carry out and costs as little as $100 per site. The so-called FREAK attack—short for Factoring attack on RSA-EXPORT Keys—is possible when an end user with a vulnerable device—currently known to include Android smartphones, iPhones, and Macs running Apple's OS X operating system—connects to an HTTPS-protected website configured to use a weak cipher that many had presumed had been retired. At the time this post was being prepared, Windows devices were not believed to be affected, and the status of Linux devices was unknown.
Attackers who are in a position to monitor traffic passing between vulnerable end users and servers can inject malicious packets into the flow that will cause the two parties to use a weak 512-bit encryption key while negotiating encrypted Web sessions. Attackers can then collect some of the exchange and use cloud-based computing from Amazon or other services to factor the website's underlying private key. From that point on, attackers on a coffee-shop hotspot or other unsecured network can masquerade as the official website, a coup that allows them to read or even modify data as it passes between the site and the end user. The vulnerability is indexed as CVE-2015-0204