FREAK Attack – Android and Apple Browsers at Risk
A new Internet vulnerability is affecting popular SSL clients across the web. Eerily named FREAK, this flaw allows malicious parties and attackers to force servers to automatically downgrade to weakened ciphers. Once this is done, the attackers can easily crack all encrypted communications of these weakened servers through advanced Man-In-The-Middle (MITM) attacks. If all that sounds a bit complicated, this blog post aims to simplify it for you and give you the lowdown on how the FREAK attack affects you.
How did this attack originate?
The origins of this attack lie in the complex and murky world of United States diplomacy and international relations in the 1980’s. A Federal policy at that time forbade the export of software products with strong encryption. As a result, weaker export-grade products were then shipped to other countries. While this policy was lifted in the 1990’s, this ‘weaker encryption’ somehow became embedded in various software applications of the time and was never actively rectified until many years later.
While some developers eventually shifted to stronger encryption over time, this flaw remained inherent in many applications. Attackers gradually discovered ways to force servers to switch to this weaker encryption so that they could successfully intercept their data with MITM attacks.
Why this attack is called ‘FREAK’?
The terminology of FREAK has been coined to represent “Factoring Attack on RSA-EXPORT Keys”.
What can attackers really do via FREAK?
This attack enables malicious parties to intercept web browsers and crack them over a few hours. This would enable the attackers to steal confidential passwords and other sensitive data. This could lead to several other privacy and security issues in turn. It can also enable attackers to take control over specific elements on webpages.
Right now the FREAK vulnerability primarily affects Android and Apple Safari web browsers. The Google Chrome browser installed on Android phones is not vulnerable. However, the in-built web browser is vulnerable to this attack. Searches carried out on the in-built Google search engine site are also not vulnerable.
Google has reported that it has extended solutions to its partners i.e. the manufacturers of Android devices. But it ultimately lies in the hands of these OEMs to implement the solution in order to protect their users. Apple is in the process of finding and implementing a solution for this purpose and intends to release the fix within a week.
How can I learn more about FREAK?
A good source for finding out which sites are affected and for further reading on the topic can be found on freakattack.com. Some popular sites that are affected by this vulnerability are as follows:
- Business Insider
- American Express
- Jabong
- Airtel
- Tiny URL
- Zomato
- National Geographic
- Axis Bank
- Gaana
- ZDNet
These and many other popular websites are vulnerable to FREAK. If you regularly visit and use these websites you need to be very careful. Researchers have also claimed that 36.7% of browser trusted sites are vulnerable. This effectively means that 1 in 3 sites that you visit could be at risk. Another good source for further reading on FREAK is this blog post issued by Matt Green, a Johns Hopkins cryptographer who is investigating this flaw.
FREAK comes along at a time when authorities all over the world are already struggling with the moral issue of gaining access into people’s personal devices and accounts for law enforcement purposes. They are also dealing with strong encryption technology implemented by device makers and their disagreement to grant these ‘open doors’ into devices.
The Quick Heal Threat Research Labs are also investigating this flaw further and we will be posting updates on FREAK from time to time.
74 Comments
Will this FREAK flaw affect my p.c. Which is secured by quick heal total security 2015??????
Hi Chinmay,
As has been mentioned, this will affect select websites as this is an issue on the server end. There isn’t much that can be done from the point of view of each PC or mobile.
Regards.
what is this?
Hi Sagar,
This is a server side vulnerability that afflicts websites and their functionality. If you have any more specific questions, do let us know.
Regards.
My Google Crome blocked for secutity certificate
Hi Nikhil,
It is recommended that you use another web browser for the time being. Once this flaw has been rectified, you can begin using Google Chrome once again.
Regards.
Thank you quick heal for always updating us on the threats we might face on the internet or otherwise with our systems. Really appreciate your service 🙂
quick heel provide safe from freak attack and safe handle your record from virus and make confidential really this is good service provider for keeping data bank upgrade or updating data so very safely service
Great to know you are keeping us and our businesses safe. Cannot say enough how much this is appreciated.
Thank you, Quick Heal, for the update.
Thanks
Thanks for the alert.
Keep us informed.
B.J.Massawe
Many many thanks.
Quick heal you’re really amazing..
you protect my pc from artificial mails which may contain virus….
Thank you
Quick heal is the best anti virus.please tell us more informations
i use quickheal in both my laptop & handset.
How I can confirm that my devices are not affected ?
Hi,
You can visit the link freakattack.com. There you will get a message about whether the browser you are using is safe or not.
Regards.
THANKS FOR ALERT……
Thanks to Quick Heal for providing their earlier alarm updates about threats and protecting us from dangerous virus attacks. I appreciate your prompt service and keep it up always..
Thank you Quick Heal for updating me with the latest threats which I was not known for.
Thanks Rahul
Thanks for updating your customers. Please continue the good work.
thanx for the alert qheal.
Good job! Thank you for the alert! Keep doing this in future.
Thank you for the update.Very valuable information.
10x for the alert
thanx…
I think thats why my Anroid is not comfortable in opening the google and related sites. even play store is not working
thanks , keep it up !!!!
Thank you quick heal for always updating us on the threats we might face on the internet or otherwise with our systems. Really appreciate your service
This was helpful!
Thanks for the alert.
Keep us informed.
Hirdesh Kumar
Thank you quick heal.
you all r great at what u do..thanks for informin us..
Thank you quick heal for always updating us on the threats we might face on the internet or otherwise with our systems. Really appreciate your service
I heartily appreciate to inventors who are working for safety of human kind, as ultimately it is not the person who is sufferer against such attacks but it is also his/her family who are dependent on him/her.
Thanks for the information and alert Quick Heal.
Please let me know that similar attack is for Windows OS and windows phones.
Thanks Again.
QUICKHEAL, Thanks for the alert blogs.
registered quick heal antiwris
What about remedial measures for those already affected?
Hi Jasbir,
We have posted a new blog that informs users about what to do. Kindly refer to that and stay tuned for further updates and tips on this matter.
Regards.
sir,
thank U for updating the information on new virus attacks
Thank you
Appreciate for the FREAK attack news. The manufacturers of Android and Apple should make some positive software measures that FREAK should not intrude such products.
Thanks QH. I browse NG frequently, use Airtel often. Have been using QH, for more than 7 years, very dependable. ThanQ for the alert.
thanks for the alert & doing needful at your end
very good
THANKS FOR ALLOT GIVE A SOLUTION TO RECOVER.
IWILL WAIT FOR YOUR SOLUTION.
what sud I do when I got alert ?
how to protect?
Hi Aditi,
For the time being, you can stop using browsers which are vulnerable to this threat. To check the status of the browser you are using, you can visit this link – freakattack.com.
Regards.
Thank you For your valuable information. i am a developer but still i afrai by this type of problem. it is a very good effort to alert people
Will this FREAK flaw affect my p.c. Which is secured by quick heal total security, My PC working very slow, Please help me………
Hi Narhari,
As mentioned, this flaw affects the server side of websites. Individual PCs are not at risk, as long as secure web browsers are used. To check the status of the browser that you are using, please visit this link – freakattack.com.
Regards.
what is this sir i rqst 4 u please update my quick heal antivirues
Hi,
In case you need to update the virus database of your Quick Heal product, you can do that via the Quick Heal dashboard of your product. Also, if you need to update the validity of your product as well, you can renew your Quick Heal license via the dashboard as well.
Regards.
Thanks for the info. I am worried because I frequently use the Axis Bank and Airtel services. And I am worried about those who use the ‘Gaana’ service. Could become ‘begaana’ if things go wrong..
I am also suffering from a different kind of FREAK attack-courtesy QHTS. It is called ‘ FRequent Error Message Announcement in my Komputer’ It involves such esoteric cautionary messages like ” Your Firefox running without Sandbox protection” or Antivirus Protection is Off etc when I first plugin to my system.
With a license valid till 2018 and all Security features ckecked ‘ON’ it is a bit worrisome and I shall be glad to know how to get these messages OFF my Action Centre box.
Thnx..
Hi Biman,
Thank you for using our product. The Sandbox protection feature basically secludes your browsers from the real environment of your PC. This is so because if any malicious file gets downloaded from your browser, it will remain in the Sandbox environment and will be prevented from reaching your real PC. Hence, the message is simply an advisory that you receive if your browsers are not Sandboxed.
About the second message “Antivirus Protection is Off”, our engineers would be glad to look into it and provide you with a solution. You can chat with them at https://bit.ly/QHSupport.
To add further, if you choose not to receive any kind of notifications from us, then you can use the Silent Mode feature. Right click on the Quick Heal icon on your system tray, select Silent Mode. Please be informed that using this feature will not affect the security of your system in any way.
Regards,
Dear Rahul,
Thanking you for the day to day upgraded freaking virus attacks.
Will this affect my smartphone?
Hi Sid,
This mostly affects web browsers and the server side of websites. So it does not affect your phone directly. You can visit freakattack.com to see if the browser you are using is vulnerable or not.
Regards.
what is this sir I request for you pleas Update my quick heal antivirues.
Hi Tapas,
As mentioned in the blog, all details are available there about this attack and its components. For further updates, please stay tuned.
Regards.
some apps unfortunately stoped due to some mulfunctioning elements ,please solve it.Thank you.
Hi Deepanjali,
Can you please share further information. What apps malfunctioned and what other issues are they facing? This will enable us to help you further.
Regards.
my lici portal do not open.what i do for opening lic portal.
my computer effacted freak attack
Hi Nirmal,
We recommend that you contact our technical team for assistance with this issue. You can reach them in the following 2 ways:
1. Call them on 0-927-22-33-000
2. Submit a ticket by visiting this link – https://www.quickheal.co.in/submitticket
Regards.
Is this really affect on ur accont ???..so wht is the advantage for us to use a Quick heal antivirus ???
Hi Sanjay,
This is a server side issue with many web providers who use HTTPS security protocols. Until they fix this vulnerability from their end, there is nothing that any antivirus can do against such risks.
Regards.
Sir
I am trying to update but not able to update. Tried to call your call centre number but its busy all the time. I am trying since yesterday…..
Hi Purvesh,
Sorry for the inconvenience. Kindly submit a ticket by visiting this link – https://www.quickheal.co.in/submitticket.
Our technical support team will contact you as soon as possible.
Regards.
Thank you
Hi Rajib Sir after visiting freakattack.com it shows warning for my tablet inbuilt browser through which visited this website and warns me to update my browser i two browsers currently one is inbuilt and operamini android browsers from googleplay now please suggest which android browsers is safe to use currently i have no idea which are safe browsers and which to use please suggest some browser options.Thankyou
Hi Girish,
As these browsers are getting updated, most of them have resolved this security issue already. Simply visit the link freakattack.com with the browser of your choice. If you see a message that says it is safe to use that browser, then you can continue using it.
Regards.