FREAK Attack – Android and Apple Browsers at Risk

A new Internet vulnerability is affecting popular SSL clients across the web. Eerily named FREAK, this flaw allows malicious parties and attackers to force servers to automatically downgrade to weakened ciphers. Once this is done, the attackers can easily crack all encrypted communications of these weakened servers through advanced Man-In-The-Middle (MITM) attacks. If all that sounds a bit complicated, this blog post aims to simplify it for you and give you the lowdown on how the FREAK attack affects you.

FREAK attack

How did this attack originate?

The origins of this attack lie in the complex and murky world of United States diplomacy and international relations in the 1980’s. A Federal policy at that time forbade the export of software products with strong encryption. As a result, weaker export-grade products were then shipped to other countries. While this policy was lifted in the 1990’s, this ‘weaker encryption’ somehow became embedded in various software applications of the time and was never actively rectified until many years later.

While some developers eventually shifted to stronger encryption over time, this flaw remained inherent in many applications. Attackers gradually discovered ways to force servers to switch to this weaker encryption so that they could successfully intercept their data with MITM attacks.

Why this attack is called ‘FREAK’?

The terminology of FREAK has been coined to represent “Factoring Attack on RSA-EXPORT Keys”.

What can attackers really do via FREAK?

This attack enables malicious parties to intercept web browsers and crack them over a few hours. This would enable the attackers to steal confidential passwords and other sensitive data. This could lead to several other privacy and security issues in turn. It can also enable attackers to take control over specific elements on webpages.

Right now the FREAK vulnerability primarily affects Android and Apple Safari web browsers. The Google Chrome browser installed on Android phones is not vulnerable. However, the in-built web browser is vulnerable to this attack. Searches carried out on the in-built Google search engine site are also not vulnerable.

Google has reported that it has extended solutions to its partners i.e. the manufacturers of Android devices. But it ultimately lies in the hands of these OEMs to implement the solution in order to protect their users. Apple is in the process of finding and implementing a solution for this purpose and intends to release the fix within a week.

How can I learn more about FREAK?

A good source for finding out which sites are affected and for further reading on the topic can be found on freakattack.com. Some popular sites that are affected by this vulnerability are as follows:

  • Business Insider
  • American Express
  • Jabong
  • Airtel
  • Tiny URL
  • Zomato
  • National Geographic
  • Axis Bank
  • Gaana
  • ZDNet

These and many other popular websites are vulnerable to FREAK. If you regularly visit and use these websites you need to be very careful. Researchers have also claimed that 36.7% of browser trusted sites are vulnerable. This effectively means that 1 in 3 sites that you visit could be at risk. Another good source for further reading on FREAK is this blog post issued by Matt Green, a Johns Hopkins cryptographer who is investigating this flaw.

FREAK comes along at a time when authorities all over the world are already struggling with the moral issue of gaining access into people’s personal devices and accounts for law enforcement purposes. They are also dealing with strong encryption technology implemented by device makers and their disagreement to grant these ‘open doors’ into devices.

The Quick Heal Threat Research Labs are also investigating this flaw further and we will be posting updates on FREAK from time to time.

Rahul Thadani

Rahul Thadani


74 Comments

Your email address will not be published.

CAPTCHA Image

  1. Will this FREAK flaw affect my p.c. Which is secured by quick heal total security 2015??????

    Reply
    • Rahul Thadani Rahul ThadaniMarch 9, 2015 at 10:22 AM

      Hi Chinmay,

      As has been mentioned, this will affect select websites as this is an issue on the server end. There isn’t much that can be done from the point of view of each PC or mobile.

      Regards.

      Reply
  2. what is this?

    Reply
    • Rahul Thadani Rahul ThadaniMarch 9, 2015 at 10:27 AM

      Hi Sagar,

      This is a server side vulnerability that afflicts websites and their functionality. If you have any more specific questions, do let us know.

      Regards.

      Reply
  3. Avatar Nikhil N DaveMarch 5, 2015 at 5:47 PM

    My Google Crome blocked for secutity certificate

    Reply
    • Rahul Thadani Rahul ThadaniMarch 9, 2015 at 10:28 AM

      Hi Nikhil,

      It is recommended that you use another web browser for the time being. Once this flaw has been rectified, you can begin using Google Chrome once again.

      Regards.

      Reply
  4. Avatar Abdullah SumarMarch 5, 2015 at 6:17 PM

    Thank you quick heal for always updating us on the threats we might face on the internet or otherwise with our systems. Really appreciate your service 🙂

    Reply
    • Avatar LALIT KUMAR VYASMarch 6, 2015 at 9:02 PM

      quick heel provide safe from freak attack and safe handle your record from virus and make confidential really this is good service provider for keeping data bank upgrade or updating data so very safely service

      Reply
  5. Avatar Rudolph SylvaMarch 5, 2015 at 6:59 PM

    Great to know you are keeping us and our businesses safe. Cannot say enough how much this is appreciated.

    Reply
  6. Thank you, Quick Heal, for the update.

    Reply
  7. Avatar B.J.MASSAWEMarch 5, 2015 at 7:40 PM

    Thanks for the alert.
    Keep us informed.
    B.J.Massawe

    Reply
  8. Avatar R. SarkarMarch 5, 2015 at 8:44 PM

    Many many thanks.

    Reply
  9. Avatar Anand SuryawanshiMarch 5, 2015 at 9:38 PM

    Quick heal you’re really amazing..
    you protect my pc from artificial mails which may contain virus….

    Reply
  10. Avatar Dr Amitabh MehtaMarch 5, 2015 at 10:38 PM

    Thank you

    Reply
  11. Avatar G.VENKATESWARA RAOMarch 6, 2015 at 12:00 AM

    Quick heal is the best anti virus.please tell us more informations

    Reply
  12. i use quickheal in both my laptop & handset.
    How I can confirm that my devices are not affected ?

    Reply
    • Rahul Thadani Rahul ThadaniMarch 9, 2015 at 10:29 AM

      Hi,

      You can visit the link freakattack.com. There you will get a message about whether the browser you are using is safe or not.

      Regards.

      Reply
  13. THANKS FOR ALERT……

    Reply
  14. Avatar B.S. KARTHICK BABUMarch 6, 2015 at 6:55 AM

    Thanks to Quick Heal for providing their earlier alarm updates about threats and protecting us from dangerous virus attacks. I appreciate your prompt service and keep it up always..

    Reply
  15. Avatar Abhishek PatilMarch 6, 2015 at 10:28 AM

    Thank you Quick Heal for updating me with the latest threats which I was not known for.

    Reply
  16. Avatar Mahesh PatelMarch 6, 2015 at 10:47 AM

    Thanks Rahul

    Reply
  17. Avatar Kirit DaveMarch 6, 2015 at 11:14 AM

    Thanks for updating your customers. Please continue the good work.

    Reply
  18. Avatar R. Ch. surMarch 6, 2015 at 11:26 AM

    thanx for the alert qheal.

    Reply
  19. Avatar Yamin ChowdhuryMarch 6, 2015 at 11:28 AM

    Good job! Thank you for the alert! Keep doing this in future.

    Reply
  20. Avatar Deepak DuttaMarch 6, 2015 at 11:38 AM

    Thank you for the update.Very valuable information.

    Reply
  21. Avatar Abhishek rajanMarch 6, 2015 at 2:22 PM

    10x for the alert

    Reply
  22. thanx…

    I think thats why my Anroid is not comfortable in opening the google and related sites. even play store is not working

    Reply
  23. Avatar prakash thosarMarch 6, 2015 at 4:00 PM

    thanks , keep it up !!!!

    Reply
  24. Avatar PAKHAJANWALA HIREN SHANTILALMarch 6, 2015 at 8:02 PM

    Thank you quick heal for always updating us on the threats we might face on the internet or otherwise with our systems. Really appreciate your service

    Reply
  25. This was helpful!

    Reply
  26. Avatar Hirdesh KumarMarch 6, 2015 at 9:37 PM

    Thanks for the alert.
    Keep us informed.
    Hirdesh Kumar

    Reply
  27. Avatar VIRENDRA SHARMAMarch 6, 2015 at 9:45 PM

    Thank you quick heal.

    Reply
  28. Avatar abhishek kMarch 6, 2015 at 10:32 PM

    you all r great at what u do..thanks for informin us..

    Reply
  29. Avatar Shivkumar SharmaMarch 6, 2015 at 10:42 PM

    Thank you quick heal for always updating us on the threats we might face on the internet or otherwise with our systems. Really appreciate your service

    Reply
  30. Avatar dilip kumar singhMarch 6, 2015 at 10:55 PM

    I heartily appreciate to inventors who are working for safety of human kind, as ultimately it is not the person who is sufferer against such attacks but it is also his/her family who are dependent on him/her.

    Reply
  31. Avatar Santosh ShahaneMarch 7, 2015 at 8:01 AM

    Thanks for the information and alert Quick Heal.
    Please let me know that similar attack is for Windows OS and windows phones.
    Thanks Again.

    Reply
  32. Avatar vijaykumar NarwadeMarch 7, 2015 at 11:22 AM

    QUICKHEAL, Thanks for the alert blogs.

    Reply
  33. registered quick heal antiwris

    Reply
  34. Avatar Jasbir SinghMarch 7, 2015 at 2:13 PM

    What about remedial measures for those already affected?

    Reply
    • Rahul Thadani Rahul ThadaniMarch 9, 2015 at 11:59 AM

      Hi Jasbir,

      We have posted a new blog that informs users about what to do. Kindly refer to that and stay tuned for further updates and tips on this matter.

      Regards.

      Reply
  35. sir,
    thank U for updating the information on new virus attacks

    Reply
  36. Thank you

    Reply
  37. Avatar S. J. SEBASTIANMarch 8, 2015 at 1:48 PM

    Appreciate for the FREAK attack news. The manufacturers of Android and Apple should make some positive software measures that FREAK should not intrude such products.

    Reply
  38. Avatar Ashok RathMarch 8, 2015 at 4:06 PM

    Thanks QH. I browse NG frequently, use Airtel often. Have been using QH, for more than 7 years, very dependable. ThanQ for the alert.

    Reply
  39. Avatar M.S. RathoreMarch 8, 2015 at 5:20 PM

    thanks for the alert & doing needful at your end

    Reply
  40. very good

    Reply
  41. Avatar BABULI CHARAN JENAMarch 8, 2015 at 10:49 PM

    THANKS FOR ALLOT GIVE A SOLUTION TO RECOVER.

    Reply
  42. Avatar BABULI CHARAN JENAMarch 8, 2015 at 10:50 PM

    IWILL WAIT FOR YOUR SOLUTION.

    Reply
  43. what sud I do when I got alert ?

    how to protect?

    Reply
    • Rahul Thadani Rahul ThadaniMarch 9, 2015 at 11:50 AM

      Hi Aditi,

      For the time being, you can stop using browsers which are vulnerable to this threat. To check the status of the browser you are using, you can visit this link – freakattack.com.

      Regards.

      Reply
  44. Avatar Devesh K PatelMarch 9, 2015 at 9:58 AM

    Thank you For your valuable information. i am a developer but still i afrai by this type of problem. it is a very good effort to alert people

    Reply
  45. Avatar Narhari SharmaMarch 9, 2015 at 10:52 AM

    Will this FREAK flaw affect my p.c. Which is secured by quick heal total security, My PC working very slow, Please help me………

    Reply
    • Rahul Thadani Rahul ThadaniMarch 9, 2015 at 11:48 AM

      Hi Narhari,

      As mentioned, this flaw affects the server side of websites. Individual PCs are not at risk, as long as secure web browsers are used. To check the status of the browser that you are using, please visit this link – freakattack.com.

      Regards.

      Reply
  46. Avatar chander shekhar prajapatMarch 9, 2015 at 11:46 AM

    what is this sir i rqst 4 u please update my quick heal antivirues

    Reply
    • Rahul Thadani Rahul ThadaniMarch 9, 2015 at 11:49 AM

      Hi,

      In case you need to update the virus database of your Quick Heal product, you can do that via the Quick Heal dashboard of your product. Also, if you need to update the validity of your product as well, you can renew your Quick Heal license via the dashboard as well.

      Regards.

      Reply
  47. Thanks for the info. I am worried because I frequently use the Axis Bank and Airtel services. And I am worried about those who use the ‘Gaana’ service. Could become ‘begaana’ if things go wrong..

    I am also suffering from a different kind of FREAK attack-courtesy QHTS. It is called ‘ FRequent Error Message Announcement in my Komputer’ It involves such esoteric cautionary messages like ” Your Firefox running without Sandbox protection” or Antivirus Protection is Off etc when I first plugin to my system.

    With a license valid till 2018 and all Security features ckecked ‘ON’ it is a bit worrisome and I shall be glad to know how to get these messages OFF my Action Centre box.

    Thnx..

    Reply
    • Rajiv Singha Rajiv SinghaMarch 12, 2015 at 11:43 AM

      Hi Biman,

      Thank you for using our product. The Sandbox protection feature basically secludes your browsers from the real environment of your PC. This is so because if any malicious file gets downloaded from your browser, it will remain in the Sandbox environment and will be prevented from reaching your real PC. Hence, the message is simply an advisory that you receive if your browsers are not Sandboxed.

      About the second message “Antivirus Protection is Off”, our engineers would be glad to look into it and provide you with a solution. You can chat with them at https://bit.ly/QHSupport.

      To add further, if you choose not to receive any kind of notifications from us, then you can use the Silent Mode feature. Right click on the Quick Heal icon on your system tray, select Silent Mode. Please be informed that using this feature will not affect the security of your system in any way.

      Regards,

      Reply
  48. Avatar Longjam Langamba AngomMarch 9, 2015 at 2:19 PM

    Dear Rahul,

    Thanking you for the day to day upgraded freaking virus attacks.

    Reply
  49. Will this affect my smartphone?

    Reply
    • Rahul Thadani Rahul ThadaniMarch 10, 2015 at 12:21 PM

      Hi Sid,

      This mostly affects web browsers and the server side of websites. So it does not affect your phone directly. You can visit freakattack.com to see if the browser you are using is vulnerable or not.

      Regards.

      Reply
  50. Avatar Tapas MukherjeeMarch 9, 2015 at 6:35 PM

    what is this sir I request for you pleas Update my quick heal antivirues.

    Reply
    • Rahul Thadani Rahul ThadaniMarch 10, 2015 at 12:17 PM

      Hi Tapas,

      As mentioned in the blog, all details are available there about this attack and its components. For further updates, please stay tuned.

      Regards.

      Reply
  51. Avatar DeepanjaliMarch 9, 2015 at 7:50 PM

    some apps unfortunately stoped due to some mulfunctioning elements ,please solve it.Thank you.

    Reply
    • Rahul Thadani Rahul ThadaniMarch 10, 2015 at 12:12 PM

      Hi Deepanjali,

      Can you please share further information. What apps malfunctioned and what other issues are they facing? This will enable us to help you further.

      Regards.

      Reply
  52. Avatar nirmal mandalMarch 10, 2015 at 2:02 PM

    my lici portal do not open.what i do for opening lic portal.

    my computer effacted freak attack

    Reply
  53. Avatar sanjay barmanMarch 11, 2015 at 6:46 AM

    Is this really affect on ur accont ???..so wht is the advantage for us to use a Quick heal antivirus ???

    Reply
    • Rahul Thadani Rahul ThadaniMarch 11, 2015 at 11:52 AM

      Hi Sanjay,

      This is a server side issue with many web providers who use HTTPS security protocols. Until they fix this vulnerability from their end, there is nothing that any antivirus can do against such risks.

      Regards.

      Reply
  54. Sir
    I am trying to update but not able to update. Tried to call your call centre number but its busy all the time. I am trying since yesterday…..

    Reply
  55. Thank you

    Reply
  56. Hi Rajib Sir after visiting freakattack.com it shows warning for my tablet inbuilt browser through which visited this website and warns me to update my browser i two browsers currently one is inbuilt and operamini android browsers from googleplay now please suggest which android browsers is safe to use currently i have no idea which are safe browsers and which to use please suggest some browser options.Thankyou

    Reply
    • Rahul Thadani Rahul ThadaniApril 7, 2015 at 10:19 AM

      Hi Girish,

      As these browsers are getting updated, most of them have resolved this security issue already. Simply visit the link freakattack.com with the browser of your choice. If you see a message that says it is safe to use that browser, then you can continue using it.

      Regards.

      Reply