The Washington Post reports that computer scientists have discovered a new vulnerability in some of the devices that use software from Google and Apple. It went unnoticed for more than a decade and puts users at risk, the report says.
The security gap once again concerns HTTPS connections, whose defenses turn out to be easy to overcome. The cause of the problem is an outdated and forgotten US government requirement that banned the export of products and devices with a high level of encryption, so that they relied on a lower level of protection instead. This requirement was lifted back in the 1990s, but no one changed the software in use to match.
As a result, the weaker encryption remained in wide use until this year. It is embedded in millions of devices worldwide. Its discoverers, a group of nine specialists from various universities and companies, have named the problem FREAK.
They found that there is a relatively easy way to make a device's browser use the lower level of encryption, which can easily be broken within a few hours. The attacker then gains access to the user's online communication and can obtain passwords and usernames. The experts add that the same method can be used to attack not only consumers but also sites.
Attackers do not even need their own computing power. The engineers were able to crack a site's encryption key within seven hours using the resources of Amazon Web Services. Hackers can thus intercept all traffic to a site, even though it appears to be encrypted and protected. Carrying out the attack requires only an Internet connection, including one in a café, the experts indicate.
Alex Halderman of the University of Michigan states that he and his colleagues have calculated that a total of over 5 million sites are vulnerable. Their exact number cannot be known, nor whether FREAK is already known to some hackers and has already been used.
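For the server side of the problem described above, a site operator can check whether the TLS stack still enables export-grade suites. The following is an added example, not taken from the article: it parses the column layout printed by `openssl ciphers -v`, the sample listing is constructed, and the function names are this example's own. The 512-bit RSA and 40-bit cipher limits are background knowledge about export suites, not figures from the article.

```python
import re

# Constructed sample in the column layout of `openssl ciphers -v`, as printed
# by older OpenSSL builds that still shipped export suites (not from the article).
SAMPLE = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
"""

# Matches fields such as "Kx=RSA(512)" or "Enc=AESGCM(128)"; the size is optional.
FIELD = re.compile(r"\b(Kx|Au|Enc|Mac)=([\w/]+)(?:\((\d+)\))?")

def parse_suite(line):
    """Turn one listing line into a dict, or None for blank/short lines."""
    parts = line.split()
    if len(parts) < 3:
        return None
    suite = {"name": parts[0], "protocol": parts[1], "export": parts[-1] == "export"}
    for key, alg, bits in FIELD.findall(line):
        suite[key] = (alg, int(bits) if bits else None)
    return suite

def audit_cipher_listing(text):
    """Return {suite name: [reasons]} for every export-grade suite in the listing."""
    findings = {}
    for line in text.splitlines():
        suite = parse_suite(line)
        if suite is None:
            continue
        reasons = []
        kx_alg, kx_bits = suite.get("Kx", (None, None))
        enc_alg, enc_bits = suite.get("Enc", (None, None))
        if suite["export"]:
            reasons.append("marked export")
        if kx_alg == "RSA" and kx_bits is not None and kx_bits <= 512:
            reasons.append("RSA key exchange capped at %d bits" % kx_bits)
        if enc_bits is not None and enc_bits <= 40:
            reasons.append("%s cipher limited to %d bits" % (enc_alg, enc_bits))
        if reasons:
            findings[suite["name"]] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in audit_cipher_listing(SAMPLE).items():
        print(name, "->", "; ".join(reasons))
```

Any suite this reports should be removed from the server's enabled cipher list; the suites with an RSA key exchange capped at 512 bits are the ones relevant to FREAK.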
A few weeks ago the specialists informed government agencies and leading companies, hoping the problem could be solved before information about it was published. The company Akamai has published some of the measures it has taken on its blog, and did so earlier than expected.
Apple announced that it is developing an update to correct the problem. It is expected to be ready within a week. The update will cover both the company's mobile devices and its computers.
On Google's side, only the built-in Internet browser on Android devices is affected, which nevertheless amounts to hundreds of millions of smartphones and tablets. The company announced that it already has an update ready to solve the problem and has passed it on to the device manufacturers, who will have to decide whether and how to distribute it to consumers. This is one of the main problems of Android, where the delivery of updates to consumers depends mostly on manufacturers, who often ignore older devices.