UPD: Internet Explorer, Chrome on Mac OS and Android, Safari on Mac OS and iOS, the BlackBerry Browser, and Opera on Mac OS and Linux are also vulnerable.
Researchers from INRIA, IMDEA and Microsoft have discovered a vulnerability in the TLS implementations of OpenSSL and Apple TLS / SSL, which they named FREAK (Factoring attack on RSA-EXPORT Keys). The flaw is insufficient validation on the client side during the TLS handshake: a man-in-the-middle attacker can downgrade the connection to 512-bit RSA export keys, which an attacker can factor within a few hours.
EXPORT Ciphersuites
Around the middle of the 20th century, the United States introduced a law restricting the export of strong ciphers outside the country. Only specially weakened versions of ciphers could be exported, for example with 40- or 56-bit keys for symmetric encryption and 512-bit keys for asymmetric encryption. Serious restrictions remained in place until the end of 1992, and by the beginning of 2000 most of them had been lifted, although some remain to this day.
Modern TLS standards still permit these weak cipher suites, and some web servers (26.3% of the entire Internet, according to zmap statistics) still accept them when establishing a TLS connection.
It turned out that the OpenSSL implementation (the built-in Android browser) and Apple TLS / SSL (Safari) contain a bug that lets a "man in the middle" force the client into EXPORT-grade encryption even if the client never offered it. Several conditions must be met:
- The client uses a vulnerable version of OpenSSL or Apple TLS / SSL
- The server has EXPORT cipher suites enabled
- The attacker has the private half of the server's 512-bit RSA export key
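The core of the bug is that the vulnerable client accepts a ServerHello selecting a cipher suite it never offered. As an added illustration (not code from the researchers or from OpenSSL), the script below parses a constructed ClientHello and ServerHello and flags the two things a correct client, or an inline monitor watching handshakes, must reject: a selected suite absent from the client's offer, and a selected suite that is RSA_EXPORT grade. The cipher suite codes are the IANA-registered values; the handshake bytes are constructed for the example, not captured traffic.

```python
"""Detect a FREAK-style export-cipher downgrade in a TLS 1.x handshake (added example).

Parses a ClientHello and the ServerHello that answers it and reports the two
conditions a correct client must refuse: the server picked a suite the client
never offered, and that suite is an RSA_EXPORT suite.
"""
from __future__ import annotations
import struct

# RSA_EXPORT suites from the IANA TLS cipher suite registry (the ones FREAK abuses).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

HANDSHAKE = 0x16                      # TLS record content type
CLIENT_HELLO, SERVER_HELLO = 1, 2     # handshake message types


def _handshake_body(record: bytes, expected_type: int) -> bytes:
    """Strip the 5-byte record header and 4-byte handshake header, return the Hello body."""
    ctype, _ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE or len(record) != 5 + rec_len:
        raise ValueError("not a single well-formed handshake record")
    hs_type = record[5]
    hs_len = int.from_bytes(record[6:9], "big")
    if hs_type != expected_type or hs_len != rec_len - 4:
        raise ValueError("unexpected handshake message")
    return record[9:9 + hs_len]


def client_hello_suites(record: bytes) -> list[int]:
    """Return the cipher suites offered in a ClientHello, in the client's order."""
    body = _handshake_body(record, CLIENT_HELLO)
    pos = 2 + 32                                   # client_version + random
    sid_len = body[pos]
    pos += 1 + sid_len                             # session_id
    suites_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = body[pos:pos + suites_len]
    return [struct.unpack("!H", suites[i:i + 2])[0] for i in range(0, suites_len, 2)]


def server_hello_suite(record: bytes) -> int:
    """Return the single cipher suite selected in a ServerHello."""
    body = _handshake_body(record, SERVER_HELLO)
    pos = 2 + 32                                   # server_version + random
    sid_len = body[pos]
    pos += 1 + sid_len                             # session_id
    return struct.unpack("!H", body[pos:pos + 2])[0]


def check_downgrade(client_hello: bytes, server_hello: bytes) -> list[str]:
    """Return the findings a strict client (or an inline monitor) should raise; empty if clean."""
    offered = client_hello_suites(client_hello)
    chosen = server_hello_suite(server_hello)
    findings = []
    if chosen not in offered:
        findings.append(f"server selected 0x{chosen:04x}, which the client never offered")
    if chosen in RSA_EXPORT_SUITES:
        findings.append(f"selected suite is export-grade: {RSA_EXPORT_SUITES[chosen]}")
    return findings


# --- constructed sample handshake (hypothetical, not captured traffic) --------
def _record(hs_type: int, body: bytes) -> bytes:
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(hs)) + hs


def build_client_hello(suites: list[int]) -> bytes:
    body = (b"\x03\x01" + b"\x11" * 32 + b"\x00"               # version, random, empty session id
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00")                                    # one compression method: null
    return _record(CLIENT_HELLO, body)


def build_server_hello(suite: int) -> bytes:
    body = b"\x03\x01" + b"\x22" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00"
    return _record(SERVER_HELLO, body)


# A client offering only strong RSA suites (AES-128, AES-256, 3DES) ...
CLIENT_HELLO_STRONG = build_client_hello([0x002F, 0x0035, 0x000A])
# ... answered honestly with AES-128, or by a man in the middle forcing RSA_EXPORT.
SERVER_HELLO_HONEST = build_server_hello(0x002F)
SERVER_HELLO_FREAK = build_server_hello(0x0003)

if __name__ == "__main__":
    for name, sh in (("honest", SERVER_HELLO_HONEST), ("freak", SERVER_HELLO_FREAK)):
        print(name, check_downgrade(CLIENT_HELLO_STRONG, sh) or ["ok"])
```

The first finding is the one a patched client enforces on its own: it compares the server's choice against its own offer and aborts the handshake on a mismatch. The second finding is what a server operator or network monitor cares about: any EXPORT suite appearing in a ServerHello, offered or not, means the server still has the weak suites enabled and should be reconfigured.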
Although the researchers managed to recover the private part of the 512-bit RSA key for the nsa.gov site, exploiting the vulnerability in practice is difficult, because EXPORT keys are either regenerated every time the web server restarts or are unique to each client (the mechanism works the same way as with DH keys).
What to do?
Android users should temporarily abandon the built-in browser and use Chrome (or any other third-party browser).
If your program uses OpenSSL, make sure version 1.0.1k or later is installed.
iOS users will have to wait for Apple to fix the vulnerability.
Links
- Description of the vulnerability from the researchers
- A page listing top sites that support EXPORT suites
- Article by Matthew Green