FREAK - Why Is This Encryption Bug Such A Big Deal?

A new security flaw that went completely undetected for years is causing big concern and prompting more than a few tech giants into updating website security and issuing patches.

The flaw has been dubbed FREAK, and weakens the encrypted connections between computers and websites, allowing hackers to intercept traffic between clients and servers.

Essentially, secure connections can be weakened so much they can then be hacked within a matter of a few hours, putting users at risk of data being stolen.

Microsoft has admitted some of its computers are vulnerable to the flaw, essentially putting hundreds of millions of users at risk.

There are a number of reasons FREAK is different from other security flaws. The first is that it has been around for years. In fact, the flaw was first implemented in the 1990s, suggesting that it could be up to a massive 25 years old.

Another thing that makes FREAK different is the fact it's so widespread. Many websites are affected by it, as are programs such as Apple's Safari. In fact, any app that uses a version of OpenSSL before update 1.0.1k is vulnerable to the flaw.

The irony lies in the fact that OpenSSL is designed to enhance security, however it has been at the center of a number of security problems, including Heartbleed.

Entire operating systems are also affected by FREAK, such as Google's mobile operating system, Android, and Microsoft's Windows. With so many systems, apps and operating systems affected by the flaw, there is serious cause for concern for many people.

Fortunately, the general user has little cause for concern. While most people probably are using a device that is vulnerable, the fact is that it still takes a significant effort for hackers to break into a system or device via the vulnerability.

Not only that, but it is also likely most people will receive updates in the next few weeks addressing the issue. Apple said it will be issuing an update to iOS and OS X within the next few days, and Google has already updated Chrome. Microsoft has said that it is working on a patch to fox the problem in Windows.

While Google has issued an update for Chrome, it will be a little more difficult for the company to update Android, largely because of the fragmentation that exists in Android devices. It could take months before most people have updated Android devices. Nonetheless, Google said it has issued a fix to Android to device makers like Samsung and wireless carriers.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics