Apple and Google Working to Fix “FREAK Attack” That Has Left Users Vulnerable for Over a Decade

By Paul Tamburro

A security exploit known as “FREAK Attack” has seen millions of Google and Apple device users been left vulnerable to attacks for over a decade.

This particular flaw dates back to the ’90s, with hackers reportedly using old encryption modes left in certain devices, with Google and Apple currently open to potential security threats more than any other companies due to them utilizing unpatched OpenSSL.

 

Also See: Why the Apple Watch Doesn’t Have to be Useful to be Successful

Essentially, Apple and Google previously implemented “export-grade” encryption due to an old US government policy, which didn’t allow them to sell products overseas back in the ’90s that contained strong encryption. Back then, only a supercomputer could have successfully bypassed the export-grade encryption, but now hackers can now intercept HTTPS connections between their victims and the servers they’re using, forcing them to use the old encryption ciphers that remain on their devices.

When the user is forced to use these old encryption ciphers, any information they submit including passwords, usernames and bank information can be accessed by the attacker in a matter of hours. Though users have been left vulnerable to this attack since devices progressed beyond these dated encryption methods, researchers have only just discovered the exploit, leaving Apple, Google and a number of other tech companies to pick up the pieces.

The export-grade encryption methods can reportedly be found in both Android and Apple products, with browsers such as Safari also at risk. You can visit FreakAttack.com to see a detailed list of the sites featured in the Alexa top 10,000 that are vulnerable to the attack, which worryingly include a number of banks, including American Express and Axis, retailers, and even the NSA.

Apple is already on the case, with a spokesperson for the company saying: “We have a fix in iOS and OS X that will be available in software updates next week.”

While this isn’t as downright terrifying as many are reporting, it is still unsettling that this vulnerability has remained unchecked for such a lengthy period of time. It shouldn’t take too much effort to remove these old, useless encryption methods, though, so this issue will likely be rectified by all involved parties sooner rather than later.

Photo: Getty Images

Paul Tamburro
Paul Tamburro

Paul Tamburro is the UK, Tech & Gadgets and Gaming Editor for CraveOnline. When he isn't busy reporting upon all the latest developments in the tech and gaming industries, he spends his spare time surrounding himself in the latest technology and video games, and enforcing his opinions on everything from Apple to Nintendo onto other people. It's fortunate that this is his job, really.

You can follow him on Twitter @PaulTamburro.

Share article

TRENDING
No content yet. Check back later!
Related
X