Recently, an encryption flaw was discovered that affects virtually every version of Windows. The vulnerability was identified in SSL/TLS implementations whereby “men-in-the-middle” attackers can force services and clients to use weak encryption, thereby creating a significant risk.
In addition to all versions of Windows, other programs that use the same library, including Internet Explorer, are also affected. The vulnerability is referred to as “FREAK”, an acronym for Factoring Attack on RSA-Export Keys.
The vulnerability actually dates back to the 1990s, when a decision was made to limit RSA encryption keys to a strength of 512 bits in SSL implementations intended for export, as a way of meeting rules set by the US Government on exports of encryption systems.
Although the export cipher suites are not used today, researchers recently found that a large number of services still support them. In fact, some SSL/TLS clients, including web browsers, can be forced to accept the export cipher suites because of bugs in their crypto libraries.
The problem is that if an attacker is able to intercept an SSL or TLS connection between a vulnerable server and a vulnerable client, the encryption can be downgraded. If this happens, the attacker would be able to crack the 512-bit keys simply by spending several hours of computing time on a cloud service such as Amazon’s EC2.
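The observable symptom of the downgrade described above is an export-grade cipher suite appearing in the handshake: offered in the ClientHello, or selected in the ServerHello. The following script is an added example, not code from the article or from the FREAK researchers; it parses a single TLS handshake record and reports any export suites, which is the check a network monitor or a TLS test harness would apply. The cipher suite codes are the standard IANA values for the SSL 3.0/TLS 1.0 export suites; the sample handshakes are constructed inline (not captured traffic), and the `build_hello` helper is only there to produce them.

```python
"""Flag RSA/DH export-grade cipher suites in TLS ClientHello and ServerHello records.

Added example for this article (not the article's or any project's own code).
Assumes a single, unfragmented TLS record containing one handshake message.
"""
import struct

# IANA cipher suite codes for the SSL 3.0/TLS 1.0 export suites
# (40-bit or 56-bit ciphers with 512-bit or 1024-bit RSA/DH key exchange).
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
    0x0062: "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
    0x0064: "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
}

HANDSHAKE = 0x16      # TLS record content type
CLIENT_HELLO = 0x01   # handshake message types
SERVER_HELLO = 0x02


def parse_hello(record: bytes) -> dict:
    """Return {'type': 'client'|'server', 'suites': [code, ...]} for one hello record."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    body = record[5:5 + rec_len]
    if len(body) != rec_len or len(body) < 4:
        raise ValueError("truncated record")
    msg_type = body[0]
    msg_len = int.from_bytes(body[1:4], "big")
    msg = body[4:4 + msg_len]
    if len(msg) != msg_len:
        raise ValueError("truncated handshake message")
    # Both hellos start with: version(2) random(32) session_id_len(1) session_id
    pos = 2 + 32
    sid_len = msg[pos]
    pos += 1 + sid_len
    if msg_type == CLIENT_HELLO:
        (cs_len,) = struct.unpack("!H", msg[pos:pos + 2])
        pos += 2
        suites = [struct.unpack("!H", msg[pos + i:pos + i + 2])[0]
                  for i in range(0, cs_len, 2)]
        return {"type": "client", "suites": suites}
    if msg_type == SERVER_HELLO:
        (suite,) = struct.unpack("!H", msg[pos:pos + 2])
        return {"type": "server", "suites": [suite]}
    raise ValueError("not a ClientHello or ServerHello")


def export_suites_in(record: bytes) -> list:
    """Names of export-grade suites offered (ClientHello) or chosen (ServerHello)."""
    info = parse_hello(record)
    return [EXPORT_SUITES[s] for s in info["suites"] if s in EXPORT_SUITES]


def build_hello(msg_type: int, suites: list) -> bytes:
    """Construct a minimal TLS 1.0 hello record for the samples below (test data only)."""
    body = b"\x03\x01" + bytes(32) + b"\x00"  # version, zeroed random, empty session id
    if msg_type == CLIENT_HELLO:
        body += struct.pack("!H", 2 * len(suites))
        body += b"".join(struct.pack("!H", s) for s in suites)
        body += b"\x01\x00"  # one compression method: null
    else:
        body += struct.pack("!H", suites[0]) + b"\x00"  # chosen suite, null compression
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(hs)) + hs


# Constructed samples: a client that still offers an export suite alongside
# AES suites, a server that was talked down to RSA_EXPORT/RC4-40, and a
# server that chose TLS_RSA_WITH_AES_128_CBC_SHA.
SAMPLE_CLIENT_HELLO = build_hello(CLIENT_HELLO, [0x002F, 0x0035, 0x0003])
SAMPLE_SERVER_HELLO = build_hello(SERVER_HELLO, [0x0003])
SAFE_SERVER_HELLO = build_hello(SERVER_HELLO, [0x002F])

if __name__ == "__main__":
    for label, rec in [("client", SAMPLE_CLIENT_HELLO),
                       ("server", SAMPLE_SERVER_HELLO),
                       ("safe server", SAFE_SERVER_HELLO)]:
        found = export_suites_in(rec)
        print(f"{label}: {', '.join(found) if found else 'no export suites'}")
```

An export suite in a ClientHello means the client is exposed (it will accept the downgrade); an export suite in a ServerHello means the server still has them enabled, or that a downgrade is in progress on the wire. Either finding is worth alerting on, since no legitimate modern deployment should negotiate these suites.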
Earlier this week, after the vulnerability was made publicly known, tests were run. These tests showed that roughly 35% of all HTTPS-enabled websites with browser-trusted certificates were at risk. Software used by vulnerable clients includes Apple’s Secure Transport (used by browsers such as Opera, Safari, and Chrome), OpenSSL, and the stock BlackBerry browser.
After the discovery was made, a security advisory was released by Microsoft stating that a crypto library known as Secure Channel or Schannel, used to support all versions of Windows, was vulnerable. Therefore, any program that relies on Schannel is at risk, which includes Internet Explorer.
As part of the advisory, Microsoft provided a workaround whereby RSA key exchange ciphers can be disabled using the Group Policy Object Editor. However, this could lead to servers refusing connections if no other cipher suites are supported. In addition, the workaround cannot be used on Windows Server 2003, since enabling or disabling individual ciphers is not supported on that platform.
To determine whether a user’s browser is at risk, computer scientists at the University of Michigan established a website at https://freakattack.com. The site includes information about the patching efforts underway for SSL/TLS libraries and various browsers, as well as a list of the most popular HTTPS websites that are affected.