Researchers Find New 'FREAK' Security Flaw, Apple Says Fix Coming Soon

apple_lock_faceResearchers have recently uncovered a major security flaw in software created by companies like Google and Apple, leaving many devices vulnerable to hacking attempts, reports The Washington Post. Called "FREAK" (Factoring Attack on RSA-EXPORT Keys), the vulnerability stems from a U.S. government policy that once prevented companies from exporting strong encryption, requiring them to instead create weak "export-grade" products to ship to customers outside of the United States.

These restrictions were lifted more than a decade ago, but the weaker encryption has continued to be used by software companies as a result of the old policy and it has even been built into software in the U.S. The existence of lingering "export-grade" encryption was unnoticed until this year, when researchers found they could force browsers to use lower-grade 512-bit encryption and then crack it.

Hackers could potentially employ the same tactic, cracking weak encryption and then stealing passwords and other information. Researchers also believe the vulnerability could be used to launch attacks on and infiltrate major websites. In testing, the export-grade encryption key was breached in seven hours using computers and more than a quarter of encrypted sites were found to be vulnerable.

"We thought of course people stopped using it," said Karthikeyan Bhargavan, a researcher at the French computer science lab INRIA whose team initially found the problem during testing of encryption systems.

Nadia Heninger, a University of Pennsylvania cryptographer, said, "This is basically a zombie from the '90s... I don't think anybody really realized anybody was still supporting these export suites."

As pointed out by The Washington Post, the FREAK vulnerability is an example of the problems that can arise when the government gets involved in device security. Government officials have recently expressed concern over the privacy features that Apple and Google have been building into their smartphones in response to outrage over secretive government surveillance programs like PRISM.

FBI Director James Comey has made remarks suggesting Apple and Google should scale back encryption, as government access to electronic devices is necessary in some cases. He has said that it may matter a "great, great deal" that the government be able to infiltrate the device of a kidnapper, criminal, or terrorist.

The researchers who discovered the flaw have notified government sites and major technology companies to fix the issue before it became widely publicized. FBI.gov and Whitehouse.gov have been fixed, and according to Apple spokeswoman Trudy Miller, Apple is preparing a security patch that will be "in place next week for both its computers and its mobile devices."

Top Rated Comments

AngerDanger Avatar
119 months ago
In testing, the export-grade encryption key was breached in seven hours using computers and more than a quarter of encrypted sites were found to be vulnerable.

For those who are wondering, that's roughly 13.5 hours using bananas, depending on ripeness.
Score: 26 Votes (Like | Disagree)
anzio Avatar
119 months ago
How do I get a job naming these exploits?

Discover an exploit.
Score: 15 Votes (Like | Disagree)
NightFox Avatar
119 months ago
I'm still trying to work out how you get from "Factoring Attack on RSA-EXPORT Keys" to FREAK. This is taking acronym creation into a whole new dimension.
Score: 10 Votes (Like | Disagree)
Saucesome2000 Avatar
119 months ago
"the FREAK vulnerability is an example of the problems that can arise when the government gets involved in device security."

It's a good thing no problems could arise if the government ever gets involved in regulating the internet...
Score: 8 Votes (Like | Disagree)
H2SO4 Avatar
119 months ago
Pardon???

I mean….
...from a U.S. government policy that once prevented companies from exporting strong encryption, requiring them to instead create weak "export-grade" products to ship to customers outside of the United States

WTF??
Score: 7 Votes (Like | Disagree)
Reason077 Avatar
119 months ago
OMG I'm so like FREAKing out right now
Score: 7 Votes (Like | Disagree)

Popular Stories

iPhone 16 Camera Lozenge 2 Colors

iPhone 16 Plus Rumored to Come in These 7 Colors

Wednesday April 10, 2024 3:52 am PDT by
Apple's iPhone 16 Plus may come in seven colors that either build upon the existing five colors in the standard iPhone 15 lineup or recast them in a new finish, based on a new rumor out of China. According to the Weibo-based leaker Fixed focus digital, Apple's upcoming larger 6.7-inch iPhone 16 Plus model will come in the following colors, compared to the colors currently available for the...
apple tv 4k yellow bg feature

When to Expect a New Apple TV to Launch

Tuesday April 9, 2024 8:30 am PDT by
It has been nearly a year and a half since the current Apple TV was released, so the device is becoming due for a hardware upgrade. Below, we recap rumors about the next Apple TV, including potential features and launch timing. The current model is the third-generation Apple TV 4K, announced in October 2022. Key new features compared to the previous model from 2021 include a faster A15...
apple silicon feature joeblue

Macs to Get AI-Focused M4 Chips Starting in Late 2024

Thursday April 11, 2024 10:10 am PDT by
Apple will begin updating its Mac lineup with M4 chips in late 2024, according to Bloomberg's Mark Gurman. The M4 chip will be focused on improving performance for artificial intelligence capabilities. Last year, Apple introduced the M3, M3 Pro, and M3 Max chips all at once in October, so it's possible we could see the M4 lineup come during the same time frame. Gurman says that the entire...
iOS 18 WWDC 24 Feature 2

iOS 18 May Feature All-New 'Safari Browsing Assistant'

Wednesday April 10, 2024 6:11 am PDT by
iOS 18 will apparently feature a new Safari browsing assistant, according to backend code on Apple's servers discovered by Nicolás Álvarez. MacRumors contributor Aaron Perris confirmed that the code exists, but not many details are known at this time. Álvarez said it seems like the browsing assistant will use iCloud Private Relay's infrastructure to send relevant data to Apple in a...
maxresdefault

Review: Six Months With the iPhone 15 Pro

Wednesday April 10, 2024 10:53 am PDT by
It's been a bit over six months since the iPhone 15 lineup came out in September, and MacRumors videographer Dan Barbera has been using an iPhone 15 Pro Max sans case since launch. Over on our YouTube channel, Dan did a long term review to demo how his phone has held up and his thoughts on the Action button, battery life, and camera features. Subscribe to the MacRumors YouTube channel for more ...
iPhone 16 Pro Sizes Feature

Alleged iPhone 16 Battery Details Show Smaller Capacity for One Model

Tuesday April 9, 2024 3:46 am PDT by
Apple's upcoming iPhone 16 lineup will feature bigger battery capacities compared to previous-generation models with the exception of the iPhone 16 Plus, which will have a smaller battery than its predecessor. That's according to the Chinese Weibo-based leaker OvO Baby Sauce OvO, a relatively new source of supply chain leaks with an as-yet unproven track record for accuracy. The iPhone 16 ...