Another FREAK vulnerability in SSL/TLS Protocol

March 11, 2015 Vikas Gupta

The SSL/TLS protocol is yet again in the spotlight because of a new vulnerability disclosure. On March 3, 2015, researchers disclosed the FREAK (Factoring RSA Export Keys) attack, which exploits a flaw in the implementation of SSL/TLS in certain software. The attack primarily targets a class of deliberately weak 'export cipher suites.' An attacker carrying out a man-in-the-middle attack can trick a client, such as a browser or a native app, into using these weak ciphers, thereby decrypting and listening in on an encrypted SSL communication channel.

The attack was originally reported by Karthikeyan Bhargavan at INRIA, Paris on 8th January 2015 and was assigned the CVE reference CVE-2015-0204. One of the popular SSL libraries, OpenSSL, released a patch in January 2015. The vulnerability was not discussed publicly so as to give affected organisations enough time to update their respective infrastructure. 

As per the details published at freakattack.com, "A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers a RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204." So, an attacker can use a man-in-the-middle attack and, by sending carefully crafted SSL handshake packets, force the client and server to use a weak cipher such as a 512-bit RSA encryption key. As per an estimate, factoring a 512-bit RSA key takes around seven hours and costs as little as around $100. An attacker can use multiple cloud computation services, like Amazon EC2, to further speed up the attack and determine the RSA decryption key. Later, using this key, the attacker can retrieve the master secret and see all of the communication between the client and the server. Considering the ease of carrying out a FREAK attack by a determined attacker, the flaw is considered potentially catastrophic.

To mitigate the vulnerability, web server administrators should disable support for RSA_EXPORT cipher suites. If the OpenSSL library is used on the web servers, upgrade to version 1.0.1k, 1.0.0p, or 0.9.8zd. If you are a SaaS app vendor, visit here to check if any of your servers are vulnerable to the FREAK attack.
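The server-side guidance above, turned into an audit over scan results. This is an added example, not code from the article or from Netskope: the host names, the `audit` result format, and the sample suite lists are constructed, and it assumes you already have each server's accepted cipher suites and OpenSSL version from your own scanner or inventory.

```python
import re

# Fixed OpenSSL releases named in the article, keyed by release branch.
PATCHED = {"1.0.1": "k", "1.0.0": "p", "0.9.8": "zd"}

# RSA key-exchange export suites by OpenSSL name (explicit set, because
# EXP-EDH-* and EXP-ADH-* are export suites that do not use RSA key exchange).
OPENSSL_RSA_EXPORT = {"EXP-RC4-MD5", "EXP-RC2-CBC-MD5", "EXP-DES-CBC-SHA"}


def is_rsa_export(suite):
    """True for an RSA_EXPORT suite given by OpenSSL or IANA-style name."""
    name = suite.strip().upper()
    return name in OPENSSL_RSA_EXPORT or re.match(r"(TLS|SSL)_RSA_EXPORT", name) is not None


def openssl_is_patched(version):
    """Compare 'X.Y.Z[letters]' with the fixed release of its branch.

    Returns True/False, or None when the branch is not one the article lists.
    """
    m = re.fullmatch(r"(\d+\.\d+\.\d+)([a-z]*)", version.strip().lower())
    if not m or m.group(1) not in PATCHED:
        return None
    # Letter suffixes order by length first, then alphabetically: y < za < zd.
    key = lambda s: (len(s), s)
    return key(m.group(2)) >= key(PATCHED[m.group(1)])


def audit(host, accepted_suites, openssl_version=None):
    """Apply the article's server-side guidance to one scanned host."""
    export = sorted(s for s in accepted_suites if is_rsa_export(s))
    patched = openssl_is_patched(openssl_version) if openssl_version else None
    actions = []
    if export:
        actions.append("disable RSA_EXPORT suites: " + ", ".join(export))
    if patched is False:
        branch = re.match(r"\d+\.\d+\.\d+", openssl_version.strip()).group(0)
        actions.append("upgrade OpenSSL to " + branch + PATCHED[branch])
    return {"host": host, "rsa_export": export, "openssl_patched": patched, "actions": actions}


# Constructed scan results (hypothetical hosts, not data from the article).
SAMPLE = [
    ("app1.example", ["AES128-SHA", "EXP-RC4-MD5", "EXP-EDH-RSA-DES-CBC-SHA"], "1.0.1j"),
    ("app2.example", ["ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA"], "0.9.8zd"),
    ("app3.example", ["TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"], "0.9.8za"),
]

if __name__ == "__main__":
    for row in SAMPLE:
        print(audit(*row))
```

A `None` in `openssl_patched` means the version is missing or on a branch the article does not list, so it needs a manual check rather than a pass.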

The end-user devices currently considered vulnerable include Android smartphones, Apple iPhones, and Macs running Apple's OS X operating system. As of today, it is believed that Linux end-user devices are not vulnerable to the FREAK attack. Google has already patched Chrome. Please use Chrome version 41 and above. Apple has promised to deliver the fix in a week's time. You can test if your end device is vulnerable to the FREAK attack by visiting here using your browser.

The nature of this attack poses a greater threat to enterprises using SaaS services if those services are still vulnerable to the FREAK attack. A skilled attacker can carry out a targeted attack and take full control of the enterprise's services or data. At Netskope, we are continuously monitoring the SaaS services which are still vulnerable to this attack. As of today, we researched around 7,000 SaaS apps and found 473 SaaS apps to be vulnerable to the FREAK attack, spanning a total of 2806 unique domains/IP addresses.

*Update - 5 March 2015: Microsoft has published an advisory (3046015) stating that the FREAK vulnerability exists in Secure Channel (Schannel) and affects all supported releases of Microsoft Windows. The advisory also provides suggestions to work around this vulnerability.

**Update - 6 March 2015: As of today, we found 459 SaaS apps to still be vulnerable to FREAK attack spanning over a total of 2556 unique domains/IP addresses.  

**Update - 8 March 2015: As of today, we found 450 SaaS apps to still be vulnerable to FREAK attack spanning over a total of 2525 unique domains/IP addresses. 

**Update - 9 March 2015: As of today, we found 447 SaaS apps to still be vulnerable to FREAK attack spanning over a total of 2505 unique domains/IP addresses. 

**Update - 10 March 2015:  As of today, we found 439 SaaS apps to still be vulnerable to FREAK attack spanning over a total of 2331 unique domains/IP addresses. 

Microsoft has released a patch for Windows systems, and Apple has also released a patch for its OS X and iOS devices. We recommend that users update their systems.

**Update - 11 March 2015: As of today, we found 362 SaaS apps to still be vulnerable to FREAK attack spanning over a total of 1591 unique domains/IP addresses. 

**Update - 12 March 2015: As of today, we found 360 SaaS apps to be still vulnerable to FREAK attack spanning over a total of 1581 unique domains/IP addresses.

**Update - 13 March 2015: As of today, we found 354 SaaS apps to be still vulnerable to FREAK attack spanning over a total of 1561 unique domains/IP addresses.

**Update - 14 March 2015: As of today, we found 343 SaaS apps to be still vulnerable to FREAK attack spanning over a total of 1534 unique domains/IP addresses.

**Update - 15 March 2015: As of today, we found 341 SaaS apps to still be vulnerable to FREAK attack spanning over a total of 1526 unique domains/IP addresses.

**Update - 19 March 2015: As of today, we found 336 SaaS apps to still be vulnerable to FREAK attack spanning over a total of 1506 unique domains/IP addresses. 

**Update - 26 March 2015: As of today, we found 316 SaaS apps to still be vulnerable to FREAK attack spanning over a total of 1346 unique domains/IP addresses. 
