Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
MacBook Pro Updates
Researchers Find New 'FREAK' Security Flaw, Apple Says Fix Coming Soon
Researchers have recently uncovered a major security flaw in software created by companies like Google and Apple, leaving many devices vulnerable to hacking attempts, reports The Washington Post. Called "FREAK" (Factoring Attack on RSA-EXPORT Keys), the vulnerability stems from a U.S. government policy that once prevented companies from exporting strong encryption, requiring them to instead create weak "export-grade" products to ship to customers outside of the United States.
These restrictions were lifted more than a decade ago, but the weaker encryption has continued to be used by software companies as a result of the old policy and it has even been built into software in the U.S. The existence of lingering "export-grade" encryption was unnoticed until this year, when researchers found they could force browsers to use lower-grade 512-bit encryption and then crack it.
Hackers could potentially employ the same tactic, cracking weak encryption and then stealing passwords and other information. Researchers also believe the vulnerability could be used to launch attacks on and infiltrate major websites. In testing, the export-grade encryption key was breached in seven hours using computers and more than a quarter of encrypted sites were found to be vulnerable.
"We thought of course people stopped using it," said Karthikeyan Bhargavan, a researcher at the French computer science lab INRIA whose team initially found the problem during testing of encryption systems.As pointed out by The Washington Post, the FREAK vulnerability is an example of the problems that can arise when the government gets involved in device security. Government officials have recently expressed concern over the privacy features that Apple and Google have been building into their smartphones in response to outrage over secretive government surveillance programs like PRISM.
Nadia Heninger, a University of Pennsylvania cryptographer, said, "This is basically a zombie from the '90s... I don't think anybody really realized anybody was still supporting these export suites."
FBI Director James Comey has made remarks suggesting Apple and Google should scale back encryption, as government access to electronic devices is necessary in some cases. He has said that it may matter a "great, great deal" that the government be able to infiltrate the device of a kidnapper, criminal, or terrorist.
The researchers who discovered the flaw have notified government sites and major technology companies to fix the issue before it became widely publicized. FBI.gov and Whitehouse.gov have been fixed, and according to Apple spokeswoman Trudy Miller, Apple is preparing a security patch that will be "in place next week for both its computers and its mobile devices."
[ 69 comments ]
Top Rated Comments
(View all)
55 months ago
In testing, the export-grade encryption key was breached in seven hours using computers and more than a quarter of encrypted sites were found to be vulnerable.
For those who are wondering, that's roughly 13.5 hours using bananas, depending on ripeness.
55 months ago
I'm still trying to work out how you get from "Factoring Attack on RSA-EXPORT Keys" to FREAK. This is taking acronym creation into a whole new dimension.
55 months ago
"the FREAK vulnerability is an example of the problems that can arise when the government gets involved in device security."
It's a good thing no problems could arise if the government ever gets involved in regulating the internet...
It's a good thing no problems could arise if the government ever gets involved in regulating the internet...
55 months ago
Pardon???
I mean .
...from a U.S. government policy that once prevented companies from exporting strong encryption, requiring them to instead create weak "export-grade" products to ship to customers outside of the United States
WTF??
I mean .
...from a U.S. government policy that once prevented companies from exporting strong encryption, requiring them to instead create weak "export-grade" products to ship to customers outside of the United States
WTF??
55 months ago
"This is basically a zombie from the '90s... I don't think anybody really realized anybody was still supporting these export suites."
I'll bet the NSA knew it was still being used. Course if the vulnerability is there, its there for anyone who wants to use it (criminals, China, NSA etc.).
I was hoping to hear more about the technical details of the vulnerability and how bad this is (i.e. is this in Safari, should we not do secure website use till its fixed?)
I'll bet the NSA knew it was still being used. Course if the vulnerability is there, its there for anyone who wants to use it (criminals, China, NSA etc.).
I was hoping to hear more about the technical details of the vulnerability and how bad this is (i.e. is this in Safari, should we not do secure website use till its fixed?)
55 months ago
Apple is preparing a security patch that will be "in place next week for both its computers and its mobile devices."
Guess this answers the "When is iOS 8.2 going to be released" rumor
55 months ago
This is thirty-year old news.
----------
Ridiculous comment. Computers are much, much more than twice as fast as bananas in breaking encryption. Maybe they were closer back in the '90s.
Maybe an European banana but I think African bananas can crunch through encryption much faster.
55 months ago
I see Kim Jong Un never got the memo about not buying from a US company...
US software can't be sold in certain countries such as North Korea according to US law. As a result, *nix has a far higher marketshare in NK than most other places (you can't legally install either of the leading OSs, Windows or OS X, there, because they're both from US companies.)
[ Read All Comments ]
As of today, transit users in the Portland-Vancouver area are able to use their iPhones and Apple Watches to ride the TriMet, C-Tran, and Portland Streetcar, according to the Portland Tribune.
A...
There are quite a few deals happening today that could save shoppers some money on iTunes credit, Apple's Smart Battery Case for the iPhone XR, and previous generation Retina iMacs. All of these...
Smart home company Tado has announced an updated version of its Smart AC Controller that includes Apple HomeKit support out of the box.
Available today in the U.K. and other European...
National Australia Bank (NAB) today announced support for Apple Pay, allowing NAB customers with a Visa Card to make purchases using the Apple Pay payments service.
NAB, a former notable Apple...
MacRumors readers have a chance to save on a collection of Anker accessories this week, thanks to our latest exclusive sale with the popular accessory maker. This time around our sale includes up to...
Hyper today announced the launch of its new HyperJuice 130W Dual USB-C Battery Pack, which is now available for purchase following a successful crowdfunding campaign.
The new HyperJuice Battery...
Microsoft today announced the launch of a preview or canary build of its Microsoft Edge browser designed for the macOS operating system.
Microsoft Edge for macOS can be installed from the...
Pandora today launched a new desktop app for Mac, aimed at all Pandora listeners across both its free and paid tiers. Similar to its mobile apps, Pandora for Mac allows for full access to Pandora...
