Thailand News and Discussion Forum | ASEANNOW

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Apple, Android browsers vulnerable to ‘FREAK attack’

SAN FRANCISCO (AP) — Millions of people may have been left vulnerable to hackers while surfing the web on Apple and Google devices, thanks to a newly discovered security flaw known as “FREAK attack.”

There’s no evidence so far that any hackers have exploited the weakness, which companies are now moving to repair. Researchers blame the problem on an old government policy, abandoned over a decade ago, which required U.S. software makers to use weaker security in encryption programs sold overseas due to national security concerns.

Many popular websites and some Internet browsers continued to accept the weaker software, or can be tricked into using it, according to experts at several research institutions who reported their findings Tuesday. They said that could make it easier for hackers to break the encryption that’s supposed to prevent digital eavesdropping when a visitor types sensitive information into a website.

Read more: http://tech.thaivisa.com/apple-android-browsers-vulnerable-to-freak-attack/6165/

Summary: FREAK attack is getting both client and server to accept a low-level encryption that can be cracked by an EC2 instance for about $100 of computing time. So the encryption is weak; it can be cracked; but an attacker would still need to listen in on your connection, and be able to inject packets. In practice that would leave this kind of attack as a great thing for the NSA and other secret services - they could crack these keys in no time at all with the computing power they have, and they also have the ability to intercept connections.

For your average hacker, it's going to be impossible.

For crime syndicates it's probably too complicated to worry about - for example if they want to fish for bank account details, they're going to install malware on clients and servers, which is going to be a lot easier than a FREAK attack.

Here's a tool to check if a server is affected:

https://tools.keycdn.com/freak

I tested a few big ones, and they all seem to have patched this vulnerability by now. When they say that Android and iOS devices are vulnerable it's not the whole truth. They are vulnerable, but only if the server is also vulnerable.
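
One way a server-side check of this kind can work, as an added example that is not from the post above or from the linked tool: a probe offers only export-grade RSA suites, and the server is affected if its reply is a ServerHello selecting one of them rather than an alert. The function names and the sample records are constructed for illustration.

```python
import struct

# IANA code points of the export-grade RSA key-exchange suites.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def selected_suite(record: bytes):
    """Cipher suite code chosen in a ServerHello record, or None when the
    server replied with an alert (it refused every suite the probe offered)."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if len(body) < rlen:
        raise ValueError("truncated TLS record body")
    if ctype == 0x15:                      # alert record
        return None
    if ctype != 0x16 or len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:                    # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]                   # skip the variable-length session_id
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def accepts_export_rsa(record: bytes) -> bool:
    """True if the reply to an export-only probe selects an export RSA suite."""
    return selected_suite(record) in RSA_EXPORT_SUITES

def make_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Build a constructed ServerHello record (sample data for this example)."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!HB", suite, 0))
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# Constructed alert record: level fatal (2), description handshake_failure (40).
ALERT_HANDSHAKE_FAILURE = b"\x15\x03\x01\x00\x02\x02\x28"

if __name__ == "__main__":
    for name, rec in [("export accepted", make_server_hello(0x0003)),
                      ("AES selected", make_server_hello(0x002F)),
                      ("refused", ALERT_HANDSHAKE_FAILURE)]:
        print(name, "->", "affected" if accepts_export_rsa(rec) else "not affected")
```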
