FREAK is the latest eye-catching security flaw affecting secure connections across the world following last year’s OpenSSL vulnerability, Heartbleed.
Popular web browsers and devices affected by the vulnerability include Microsoft’s Internet Explorer, Apple’s Safari web browser and Android’s default web browser.
Patches to fix the exploit were released earlier this week by Apple, Microsoft and others.
What you should do
Ensure all of your devices and software, particularly web browsers, are up-to-date. Many organisations have now released patches but not all machines have been updated.
Sentrian client devices will receive the patch in their next scheduled update.
What is FREAK?
FREAK (‘Factoring RSA Export Keys’) is an exploit in the SSL/TLS protocols that generally provide our secure connections to websites where hiding your data is vital, like banking or other pages with sensitive information.
Researchers from European researchers IMDEA and INRIA along with Microsoft Research discovered the vulnerability earlier this year but it is thought to have existed since the ‘90s.
The exploit works by forcing the secure connection to use an older and less powerful encryption type. Hackers are then able to crack the connection in a matter of hours to steal sensitive information, like passwords and other personal data.
ZDNet reports this vulnerability is the result of the NSA in ‘90s wanting a generally secure connection type but leaving it open to being cracked by an organisation with its level of resources. With today’s generally higher level of computing power, almost any hacker can exploit the FREAK vulnerability.