Express Computer
Home  »  News  »  Apple, Android browsers vulnerable to ‘FREAK attack’

Apple, Android browsers vulnerable to ‘FREAK attack’

0 572

Millions of people may have been left vulnerable to hackers while surfing the web on Apple and Google devices, thanks to a newly discovered security flaw known as “FREAK attack”.

There’s no evidence so far that any hackers have exploited the weakness, which companies are now moving to repair.

Researchers blame the problem on an old government policy, abandoned over a decade ago, which required US software makers to use weaker security in encryption programs sold overseas due to national security concerns.

Many popular websites and some Internet browsers continued to accept the weaker software, or can be tricked into using it, according to experts at several research institutions who reported their findings Tuesday. They said that could make it easier for hackers to break the encryption that’s supposed to prevent digital eavesdropping when a visitor types sensitive information into a website.

About a third of all encrypted websites were vulnerable as of Tuesday, including sites operated by American Express, Groupon, Kohl’s, Marriott and some government agencies, the researchers said. University of Michigan computer scientist Zakir Durumeric said the vulnerability affects Apple web browsers and the browser built into Google’s Android software, but not Google’s Chrome browser or current browsers from Microsoft or Firefox-maker Mozilla.

Apple Inc. and Google Inc. both said Tuesday they have created software updates to fix the “FREAK attack” flaw, which derives its name from an acronym of technical terms. Apple said its fix will be available next week and Google said it has provided an update to device makers and wireless carriers.

A number of commercial website operators are also taking corrective action after being notified privately in recent weeks, said Matthew Green, a computer security researcher at Johns Hopkins University.

But some experts said the problem shows the danger of government policies that require any weakening of encryption code, even to help fight crime or threats to national security. They warned those policies could inadvertently provide access to hackers.

“This was a policy decision made 20 years ago and it’s now coming back to bite us,” said Edward Felten, a professor of computer science and public affairs at Princeton, referring to the old restrictions on exporting encryption code.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image