Researchers Find New 'FREAK' Security Flaw, Apple Says Fix Coming Soon

apple_lock_faceResearchers have recently uncovered a major security flaw in software created by companies like Google and Apple, leaving many devices vulnerable to hacking attempts, reports The Washington Post. Called "FREAK" (Factoring Attack on RSA-EXPORT Keys), the vulnerability stems from a U.S. government policy that once prevented companies from exporting strong encryption, requiring them to instead create weak "export-grade" products to ship to customers outside of the United States.

These restrictions were lifted more than a decade ago, but the weaker encryption has continued to be used by software companies as a result of the old policy and it has even been built into software in the U.S. The existence of lingering "export-grade" encryption was unnoticed until this year, when researchers found they could force browsers to use lower-grade 512-bit encryption and then crack it.

Hackers could potentially employ the same tactic, cracking weak encryption and then stealing passwords and other information. Researchers also believe the vulnerability could be used to launch attacks on and infiltrate major websites. In testing, the export-grade encryption key was breached in seven hours using computers and more than a quarter of encrypted sites were found to be vulnerable.

"We thought of course people stopped using it," said Karthikeyan Bhargavan, a researcher at the French computer science lab INRIA whose team initially found the problem during testing of encryption systems.

Nadia Heninger, a University of Pennsylvania cryptographer, said, "This is basically a zombie from the '90s... I don't think anybody really realized anybody was still supporting these export suites."

As pointed out by The Washington Post, the FREAK vulnerability is an example of the problems that can arise when the government gets involved in device security. Government officials have recently expressed concern over the privacy features that Apple and Google have been building into their smartphones in response to outrage over secretive government surveillance programs like PRISM.

FBI Director James Comey has made remarks suggesting Apple and Google should scale back encryption, as government access to electronic devices is necessary in some cases. He has said that it may matter a "great, great deal" that the government be able to infiltrate the device of a kidnapper, criminal, or terrorist.

The researchers who discovered the flaw have notified government sites and major technology companies to fix the issue before it became widely publicized. FBI.gov and Whitehouse.gov have been fixed, and according to Apple spokeswoman Trudy Miller, Apple is preparing a security patch that will be "in place next week for both its computers and its mobile devices."

Popular Stories

iOS 18

Here Are Apple's Full Release Notes for iOS 18.2

Thursday December 5, 2024 11:48 am PST by
Apple seeded the release candidate version of iOS 18.2 today, which means it's going to see a public launch imminently. Release candidates represent the final version of new software that will be provided to the public should no last minute bugs be found, and Apple includes release notes with the RC launch. The iOS 18.2 release notes provide a look at all of the new features that are coming...
New Things Your iPhone Can Do in iOS 18

20 New Things Your iPhone Can Do in iOS 18.2

Friday December 6, 2024 4:42 am PST by
Apple is set to release iOS 18.2 in the second week of December, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. There are a handful of new non-AI related feature controls...
iPhone 17 Slim Feature

iPhone 17 'Air' Expected to Be ~2mm Thinner Than iPhone 16 Pro

Friday December 6, 2024 4:07 pm PST by
In 2025, Apple is planning to debut a thinner version of the iPhone that will be sold alongside the iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max. This iPhone 17 "Air" will be about two millimeters thinner than the current iPhone 16 Pro, according to Bloomberg's Mark Gurman. The iPhone 16 Pro is 8.25mm thick, so an iPhone 17 that is 2mm thinner would come in at around 6.25mm. At 6.25mm,...
iPhone 14 Pro Display Two Times Brighter Feature

Every Display Upgrade Rumored for Apple's iPhone 17

Friday December 6, 2024 5:14 am PST by
Apple's next-generation iPhone 17 lineup may bring some of the most significant display improvements we've seen in recent years. While the iPhone 17 series isn't expected until late 2025, multiple rumors suggest Apple is working on substantial screen upgrades across its entire smartphone range. From enhanced refresh rates to advanced materials and improved power efficiency, these display...
airpods pro 2 gradient

AirPods Pro 3 Expected Next Year: Here's What We Know

Thursday November 28, 2024 3:30 am PST by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch sometime in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as...
iCloud General Feature

Apple Defeats Lawsuit Related to iCloud's Measly 5GB of Free Storage

Friday December 6, 2024 7:43 am PST by
The U.S. Court of Appeals for the Ninth Circuit this week upheld a lower court's dismissal of a lawsuit alleging that Apple illegally deceived customers into paying for iCloud storage, according to a court filing. The decision was reported by Law360. The lawsuit alleged that Apple deceived customers into purchasing iCloud-enabled devices by misleading customers into believing that they can...
surface studio 4

Microsoft Discontinues iMac Rival Surface Studio 2+

Friday December 6, 2024 6:30 am PST by
Microsoft has discontinued its Surface Studio 2+, marking the end of the company's only direct competitor to Apple's iMac, leaving a gap in the Windows ecosystem for high-end all-in-one PCs. Microsoft has confirmed to Windows Central that it has ended production of the Surface Studio 2+, a premium all-in-one desktop designed for creative professionals. With remaining stock now limited to...
open ai logo

OpenAI Launches $200/Month ChatGPT Pro Plan

Thursday December 5, 2024 4:19 pm PST by
OpenAI today announced the launch of ChatGPT Pro, a $200 per month subscription service that provides unlimited access to OpenAI o1, the company's newest and most advanced large language model. The plan includes unlimited use of OpenAI o1, o1-mini, GPT-4o, and Advanced Voice, along with o1 pro mode, an o1 version that uses more compute to provide better answers to the hardest problems. In...

Top Rated Comments

AngerDanger Avatar
128 months ago
In testing, the export-grade encryption key was breached in seven hours using computers and more than a quarter of encrypted sites were found to be vulnerable.

For those who are wondering, that's roughly 13.5 hours using bananas, depending on ripeness.
Score: 26 Votes (Like | Disagree)
anzio Avatar
128 months ago
How do I get a job naming these exploits?

Discover an exploit.
Score: 15 Votes (Like | Disagree)
NightFox Avatar
128 months ago
I'm still trying to work out how you get from "Factoring Attack on RSA-EXPORT Keys" to FREAK. This is taking acronym creation into a whole new dimension.
Score: 10 Votes (Like | Disagree)
Saucesome2000 Avatar
128 months ago
"the FREAK vulnerability is an example of the problems that can arise when the government gets involved in device security."

It's a good thing no problems could arise if the government ever gets involved in regulating the internet...
Score: 8 Votes (Like | Disagree)
H2SO4 Avatar
128 months ago
Pardon???

I mean….
...from a U.S. government policy that once prevented companies from exporting strong encryption, requiring them to instead create weak "export-grade" products to ship to customers outside of the United States

WTF??
Score: 7 Votes (Like | Disagree)
Reason077 Avatar
128 months ago
OMG I'm so like FREAKing out right now
Score: 7 Votes (Like | Disagree)