Researchers Find New 'FREAK' Security Flaw, Apple Says Fix Coming Soon

Researchers have recently uncovered a major security flaw in software created by companies like Google and Apple, leaving many devices vulnerable to hacking attempts, reports The Washington Post. Called "FREAK" (Factoring Attack on RSA-EXPORT Keys), the vulnerability stems from a U.S. government policy that once prevented companies from exporting strong encryption, requiring them to instead create weak "export-grade" products to ship to customers outside of the United States.

These restrictions were lifted more than a decade ago, but the weaker encryption has continued to be used by software companies as a result of the old policy and it has even been built into software in the U.S. The existence of lingering "export-grade" encryption was unnoticed until this year, when researchers found they could force browsers to use lower-grade 512-bit encryption and then crack it.

Hackers could potentially employ the same tactic, cracking weak encryption and then stealing passwords and other information. Researchers also believe the vulnerability could be used to launch attacks on and infiltrate major websites. In testing, the export-grade encryption key was breached in seven hours using computers and more than a quarter of encrypted sites were found to be vulnerable.
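An added example, not from the article or the researchers: a defender-side check that reads the ServerHello and ServerKeyExchange bodies of an observed TLS handshake and flags an export-grade RSA suite or a temporary RSA key of 512 bits or less. The function names and sample bytes are constructed for illustration, and the message bodies are assumed to have their record and handshake headers already stripped.

```python
import struct

# RSA_EXPORT cipher suite code points from RFC 2246 (TLS 1.0).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def selected_suite(server_hello: bytes) -> int:
    """Cipher suite code point chosen in a ServerHello body."""
    # Layout: version(2) random(32) session_id_len(1) session_id suite(2) ...
    if len(server_hello) < 35:
        raise ValueError("ServerHello body too short")
    off = 35 + server_hello[34]
    if server_hello[34] > 32 or len(server_hello) < off + 2:
        raise ValueError("malformed ServerHello body")
    return struct.unpack_from("!H", server_hello, off)[0]

def rsa_temp_key_bits(server_key_exchange: bytes) -> int:
    """Bit length of the temporary RSA modulus in a ServerKeyExchange body."""
    # ServerRSAParams begins with rsa_modulus: 2-byte length, then the bytes.
    if len(server_key_exchange) < 2:
        raise ValueError("ServerKeyExchange body too short")
    (mod_len,) = struct.unpack_from("!H", server_key_exchange, 0)
    modulus = server_key_exchange[2:2 + mod_len]
    if mod_len == 0 or len(modulus) != mod_len:
        raise ValueError("truncated RSA modulus")
    return int.from_bytes(modulus, "big").bit_length()

def audit_handshake(server_hello: bytes, server_key_exchange: bytes = b"") -> list:
    """Findings for one observed handshake; an empty list means nothing flagged."""
    findings = []
    suite = selected_suite(server_hello)
    if suite in RSA_EXPORT_SUITES:
        findings.append("export suite selected: " + RSA_EXPORT_SUITES[suite])
        if server_key_exchange:
            bits = rsa_temp_key_bits(server_key_exchange)
            if bits <= 512:
                findings.append(f"temporary RSA key is only {bits} bits")
    return findings

# Constructed sample messages (not captured traffic).
EXPORT_HELLO = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x03" + b"\x00"
MODERN_HELLO = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
EXPORT_SKE = b"\x00\x40" + b"\xc1" + bytes(62) + b"\x01" + b"\x00\x03\x01\x00\x01"

if __name__ == "__main__":
    print(audit_handshake(EXPORT_HELLO, EXPORT_SKE))
```
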

"We thought of course people stopped using it," said Karthikeyan Bhargavan, a researcher at the French computer science lab INRIA whose team initially found the problem during testing of encryption systems.

Nadia Heninger, a University of Pennsylvania cryptographer, said, "This is basically a zombie from the '90s... I don't think anybody really realized anybody was still supporting these export suites."

As pointed out by The Washington Post, the FREAK vulnerability is an example of the problems that can arise when the government gets involved in device security. Government officials have recently expressed concern over the privacy features that Apple and Google have been building into their smartphones in response to outrage over secretive government surveillance programs like PRISM.

FBI Director James Comey has made remarks suggesting Apple and Google should scale back encryption, as government access to electronic devices is necessary in some cases. He has said that it may matter a "great, great deal" that the government be able to infiltrate the device of a kidnapper, criminal, or terrorist.

The researchers who discovered the flaw notified government sites and major technology companies so they could fix the issue before it became widely publicized. FBI.gov and Whitehouse.gov have been fixed, and according to Apple spokeswoman Trudy Miller, Apple is preparing a security patch that will be "in place next week for both its computers and its mobile devices."

Top Rated Comments

AngerDanger
77 months ago

In testing, the export-grade encryption key was breached in seven hours using computers and more than a quarter of encrypted sites were found to be vulnerable.


For those who are wondering, that's roughly 13.5 hours using bananas, depending on ripeness.
Score: 26 Votes
anzio
77 months ago

How do I get a job naming these exploits?


Discover an exploit.
Score: 15 Votes
NightFox
77 months ago
I'm still trying to work out how you get from "Factoring Attack on RSA-EXPORT Keys" to FREAK. This is taking acronym creation into a whole new dimension.
Score: 10 Votes
Saucesome2000
77 months ago
"the FREAK vulnerability is an example of the problems that can arise when the government gets involved in device security."

It's a good thing no problems could arise if the government ever gets involved in regulating the internet...
Score: 8 Votes
H2SO4
77 months ago
Pardon???

I mean….
...from a U.S. government policy that once prevented companies from exporting strong encryption, requiring them to instead create weak "export-grade" products to ship to customers outside of the United States

WTF??
Score: 7 Votes
Reason077
77 months ago
OMG I'm so like FREAKing out right now
Score: 7 Votes
