Misplaced Pages

FREAK: Difference between revisions

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Browse history interactively← Previous editContent deleted Content addedVisualWikitext
Revision as of 16:37, 9 March 2019 editInferno986return (talk | contribs)Extended confirmed users1,531 edits Added bug infobox← Previous edit Latest revision as of 15:53, 5 July 2024 edit undoGreenC bot (talk | contribs)Bots2,555,750 edits Rescued 1 archive link; Move 1 url. Wayback Medic 2.5 per WP:URLREQ#zdnet.com 
(19 intermediate revisions by 15 users not shown)
Line 1: Line 1:
{{Short description|Security exploit}}
{{about||the term referring to unusual people|Freak||Freak (disambiguation)}} {{about||the term referring to unusual people|Freak||Freak (disambiguation)}}


Line 5: Line 6:
| image = | image =
| caption = | caption =
| CVE = (OpenSSL), | CVE = {{CVE|2015-0204}} (OpenSSL),
{{CVE|2015-1637|link=no}} (Schannel),
(SChannel),
(Secure Transport) {{CVE|2015-1067|link=no}} (Secure Transport)
| discovered = {{Start date and age|2015|3|15}} | discovered = {{Start date and age|2015|03|03}}
| patched = | patched =
| discoverer = ], ], ] | discoverer = ], ], ]
| affected software = Client ] libraries (including ], ] and Secure Transport) | affected software = Client ] libraries (including ], ] and Secure Transport)
| website = | website =
}} }}


'''FREAK''' ("'''Factoring RSA Export Keys'''") is a ] of a cryptographic weakness in the ] protocols introduced decades earlier for compliance with ]. These involved limiting exportable software to use only ]s with ] moduli of 512 bits or less (so-called '']'' keys), with the intention of allowing them to be broken easily by the ] (NSA), but not by other organizations with lesser computing resources. However, by the early 2010s, increases in computing power meant that they could be broken by anyone with access to relatively modest computing resources using the well-known ] algorithm, using as little as $100 of ] services. Combined with the ability of a ] to manipulate the initial ] between the endpoints in the connection and the fact that the Finished hash only depended on the master secret, this meant that a man-in-the-middle attack with only a modest amount of computation could break the security of any website that allowed the use of 512-bit export-grade keys. While the exploit was only discovered in 2015, its underlying vulnerabilities had been present for many years, dating back to the 1990s. '''FREAK''' ("'''Factoring RSA Export Keys'''") is a ] of a cryptographic weakness in the ] protocols introduced decades earlier for compliance with ]. These involved limiting exportable software to use only ]s with ] moduli of 512 bits or fewer (so-called '']'' keys), with the intention of allowing them to be broken easily by the ] (NSA), but not by other organizations with lesser computing resources. However, by the early 2010s, increases in computing power meant that they could be broken by anyone with access to relatively modest computing resources using the well-known ] algorithm, using as little as $100 of ] services. Combined with the ability of a ] to manipulate the initial ] between the endpoints in the connection and the fact that the finished hash only depended on the master secret, this meant that a man-in-the-middle attack with only a modest amount of computation could break the security of any website that allowed the use of 512-bit export-grade keys. While the exploit was only discovered in 2015, its underlying vulnerabilities had been present for many years, dating back to the 1990s.<ref>{{Cite web |title=The Dark Side of Microsoft Windows – Administrative... |url=https://www.beyondtrust.com/blog/entry/the-dark-side-of-microsoft-windows-administrative-privilege-and-access-security-weaknesses |access-date=2023-09-05 |website=BeyondTrust |language=en}}</ref>


==Vulnerability== ==Vulnerability==
The flaw was found by researchers from ], ] and ].<ref name=state-of-the-union>{{cite web|url=https://www.smacktls.com/smack.pdf|title=A Messy State of the Union: Taming the Composite State Machines of TLS|author= B. Beurdouche & al|publisher=IEEE Security and Privacy 2015|date=2015-05-18}}</ref><ref>{{cite web|url=https://www.smacktls.com/#freak|title=State Machine AttACKs against TLS (SMACK TLS)|work=smacktls.com}}</ref> The FREAK attack in OpenSSL has the identifier {{CVE|2015-0204}}.<ref>{{cite web|url=http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204|title=Vulnerability Summary for CVE-2015-0204|publisher=NIST|date=20 February 2015}}</ref> The flaw was found by researchers from ], ] and ].<ref name=state-of-the-union>{{cite web|url=https://www.smacktls.com/smack.pdf|title=A Messy State of the Union: Taming the Composite State Machines of TLS|author= B. Beurdouche & al|publisher=IEEE Security and Privacy 2015|date=2015-05-18}}</ref><ref name="smacktls.com">{{cite web|url=https://www.smacktls.com/#freak|title=State Machine AttACKs against TLS (SMACK TLS)|work=smacktls.com}}</ref> The FREAK attack in OpenSSL has the identifier {{CVE|2015-0204}}.<ref>{{cite web|url=http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204|title=Vulnerability Summary for CVE-2015-0204|publisher=NIST|date=20 February 2015}}</ref>


Vulnerable software and devices included ]'s ], the default browser in ]'s ] operating system, ]'s ], and ].<ref>{{cite web|url=https://www.forbes.com/sites/thomasbrewster/2015/03/03/freak-flaw-hits-android-and-iphone-users/|title=What The FREAK? Why Android And iPhone Users Need To Pay Attention To The Latest Hot Vulnerability|author=Thomas Fox-Brewster|publisher=Forbes|date=2015-03-03}}</ref><ref name=zdnet20150303>{{cite web|url=http://www.zdnet.com/article/freak-another-day-another-serious-ssl-security-hole/|title=FREAK: Another day, another serious SSL security hole|author= Steven J. Vaughan-Nichols|publisher=ZDNet|date=2015-03-03}}</ref> ] has also stated that its ] implementation of transport-layer encryption is vulnerable to a version of the FREAK attack in all versions of ].<ref>{{cite web|url=https://www.theregister.co.uk/2015/03/06/all_microsoft_windows_versions_vulnerable_to_freak/|title=All Microsoft Windows versions are vulnerable to FREAK|publisher=The Register|date=6 March 2015|author= Darren Pauli}}</ref> The CVE ID for Microsoft's vulnerability in ] is {{CVE|2015-1637}}.<ref>{{cite web|url=https://technet.microsoft.com/en-us/library/security/3046015|title=Microsoft Security Advisory 3046015: Vulnerability in Schannel Could Allow Security Feature Bypass|publisher=Microsoft|date=March 5, 2015 }}</ref> The CVE ID for Apple's vulnerability in Secure Transport is {{CVE|2015-1067}}.<ref>{{cite web|url=https://support.apple.com/en-us/HT204423|title=About the security content of iOS 8.2|work=apple.com}}</ref> Vulnerable software and devices included ]'s ], the default browser in ]'s ] operating system, ]'s ], and ].<ref>{{cite web|url=https://www.forbes.com/sites/thomasbrewster/2015/03/03/freak-flaw-hits-android-and-iphone-users/|title=What The FREAK? Why Android And iPhone Users Need To Pay Attention To The Latest Hot Vulnerability|author=Thomas Fox-Brewster|work=Forbes|date=2015-03-03}}</ref><ref name=zdnet20150303>{{cite web|url=https://www.zdnet.com/article/freak-another-day-another-serious-ssl-security-hole/|title=FREAK: Another day, another serious SSL security hole|author= Steven J. Vaughan-Nichols|publisher=ZDNet|date=2015-03-03}}</ref> ] has also stated that its ] implementation of transport-layer encryption is vulnerable to a version of the FREAK attack in all versions of ].<ref>{{cite web|url=https://www.theregister.co.uk/2015/03/06/all_microsoft_windows_versions_vulnerable_to_freak/|title=All Microsoft Windows versions are vulnerable to FREAK|publisher=The Register|date=6 March 2015|author= Darren Pauli}}</ref> The CVE ID for Microsoft's vulnerability in ] is {{CVE|2015-1637}}.<ref>{{cite web|url=https://technet.microsoft.com/en-us/library/security/3046015|title=Microsoft Security Advisory 3046015: Vulnerability in Schannel Could Allow Security Feature Bypass|publisher=Microsoft|date=March 5, 2015 }}</ref> The CVE ID for Apple's vulnerability in Secure Transport is {{CVE|2015-1067}}.<ref>{{cite web|url=https://support.apple.com/en-us/HT204423|title=About the security content of iOS 8.2|work=apple.com|date=23 January 2017 }}</ref>


Sites affected by the vulnerability included the US federal government websites fbi.gov, whitehouse.gov and nsa.gov,<ref name=timberg2015-03-03/> with around 36% of HTTPS-using websites tested by one security group shown as being vulnerable to the exploit.<ref name=fisher2015-03-03/> Based on geolocation analysis using IP2Location LITE, 35% of vulnerable servers are located in the US.<ref>{{cite web|url=https://infogr.am/https_sites_that_support_rsa_export_suites|title=FREAK Servers By Country|date=2015-03-03}}</ref> Sites affected by the vulnerability included the US federal government websites fbi.gov, whitehouse.gov and nsa.gov,<ref name=timberg2015-03-03/> with around 36% of HTTPS-using websites tested by one security group shown as being vulnerable to the exploit.<ref name=fisher2015-03-03/> Based on geolocation analysis using IP2Location LITE, 35% of vulnerable servers are located in the US.<ref>{{cite web|url=https://infogr.am/https_sites_that_support_rsa_export_suites|title=FREAK Servers By Country|date=2015-03-03}}</ref>


Press reports of the exploit have described its effects as "potentially catastrophic"<ref>{{cite web|url=https://arstechnica.com/security/2015/03/freak-flaw-in-android-and-apple-devices-cripples-https-crypto-protection/|title="FREAK" flaw in Android and Apple devices cripples HTTPS crypto protection|author=Dan Goodin|publisher=Ars Technica|date=3 March 2015}}</ref> and an "]" of US government efforts to control the spread of cryptographic technology.<ref name=timberg2015-03-03>{{cite web|url=https://www.washingtonpost.com/blogs/the-switch/wp/2015/03/03/freak-flaw-undermines-security-for-apple-and-google-users-researchers-discover/|title=‘FREAK’ flaw undermines security for Apple and Google users, researchers discover|author=Craig Timberg|publisher=Washington Post|date=2015-03-03}}</ref> Press reports of the exploit have described its effects as "potentially catastrophic"<ref>{{cite web|url=https://arstechnica.com/security/2015/03/freak-flaw-in-android-and-apple-devices-cripples-https-crypto-protection/|title="FREAK" flaw in Android and Apple devices cripples HTTPS crypto protection|author=Dan Goodin|publisher=Ars Technica|date=3 March 2015}}</ref> and an "]" of US government efforts to control the spread of cryptographic technology.<ref name=timberg2015-03-03>{{cite news|url=https://www.washingtonpost.com/blogs/the-switch/wp/2015/03/03/freak-flaw-undermines-security-for-apple-and-google-users-researchers-discover/|title='FREAK' flaw undermines security for Apple and Google users, researchers discover|author=Craig Timberg|newspaper=Washington Post|date=2015-03-03}}</ref>


{{As of|2015|03}}, vendors were in the process of releasing new software that would fix the flaw.<ref name=timberg2015-03-03/><ref name=fisher2015-03-03>{{cite web|url=https://threatpost.com/new-freak-attack-threatens-many-ssl-clients/111390|title=New FREAK Attack Threatens Many SSL Clients|author=Dennis Fisher|publisher=Threatpost|date=2015-03-03}}</ref> On March 9, 2015, Apple released security updates for both ] and ] operating systems which fixed this flaw.<ref>{{cite web|url=https://support.apple.com/HT204413|title=About Security Update 2015-002|publisher=Apple|date=March 9, 2015 }}</ref><ref>{{cite web|url=https://support.apple.com/HT204423|title=About the security content of iOS 8.2|publisher=Apple|date=March 9, 2015 }}</ref> On March 10, 2015, Microsoft released a patch which fixed this vulnerability for all supported versions of Windows (Server 2003, Vista and later).<ref>{{cite web|url=https://technet.microsoft.com/en-us/library/security/ms15-031.aspx|title=Microsoft Security Bulletin MS15-031 - Important|publisher=Microsoft|date=March 10, 2015 }}</ref> ] 41 and ] 28 has also mitigated against this flaw.<ref>{{cite web|url=https://www.smacktls.com/#freak|title=State Machine AttACKs against TLS (SMACK TLS)|work=smacktls.com}}</ref> ] is not vulnerable against this flaw.<ref>{{cite web|url=http://www.eweek.com/blogs/security-watch/microsoft-admits-windows-users-are-vulnerable-to-freak-attacks.html|title=Microsoft Admits Windows Users Are Vulnerable to FREAK Attacks|work=eweek.com}}</ref> {{As of|2015|03}}, vendors were in the process of releasing new software that would fix the flaw.<ref name=timberg2015-03-03/><ref name=fisher2015-03-03>{{cite web|url=https://threatpost.com/new-freak-attack-threatens-many-ssl-clients/111390|title=New FREAK Attack Threatens Many SSL Clients|author=Dennis Fisher|publisher=Threatpost|date=2015-03-03}}</ref> On March 9, 2015, Apple released security updates for both ] and ] operating systems which fixed this flaw.<ref>{{cite web|url=https://support.apple.com/HT204413|title=About Security Update 2015-002|publisher=Apple|date=March 9, 2015 }}</ref><ref>{{cite web|url=https://support.apple.com/HT204423|title=About the security content of iOS 8.2|publisher=Apple|date=March 9, 2015 }}</ref> On March 10, 2015, Microsoft released a patch which fixed this vulnerability for all supported versions of Windows (Server 2003, Vista and later).<ref>{{cite web|url=https://technet.microsoft.com/en-us/library/security/ms15-031.aspx|title=Microsoft Security Bulletin MS15-031 - Important|publisher=Microsoft|date=March 10, 2015 }}</ref> ] 41 and ] 28 has also mitigated against this flaw.<ref name="smacktls.com"/> ] is not vulnerable against this flaw.<ref>{{cite web|url=http://www.eweek.com/blogs/security-watch/microsoft-admits-windows-users-are-vulnerable-to-freak-attacks.html|archive-url=https://archive.today/20150408092531/http://www.eweek.com/blogs/security-watch/microsoft-admits-windows-users-are-vulnerable-to-freak-attacks.html|url-status=dead|archive-date=April 8, 2015|title=Microsoft Admits Windows Users Are Vulnerable to FREAK Attacks|work=eweek.com}}</ref>


The research paper explaining this flaw has been published at the 36th IEEE Symposium on Security and Privacy and has been awarded the Distinguished Paper award.<ref name=state-of-the-union-award>{{cite web|url=http://www.ieee-security.org/TC/SP2015/awards.html|title=IEEE Distinguished Paper award for A Messy State of the Union: Taming the Composite State Machines of TLS|date=2015-05-18}}</ref> The research paper explaining this flaw has been published at the 36th IEEE Symposium on Security and Privacy and has been awarded the Distinguished Paper award.<ref name=state-of-the-union-award>{{cite web|url=http://www.ieee-security.org/TC/SP2015/awards.html|title=IEEE Distinguished Paper award for A Messy State of the Union: Taming the Composite State Machines of TLS|date=2015-05-18}}</ref>
Line 43: Line 44:
== External links == == External links ==
* https://www.smacktls.com/ * https://www.smacktls.com/
* https://www.freakattack.com/ * https://web.archive.org/web/20150304002021/https://freakattack.com/
* https://tools.keycdn.com/freak/ * https://tools.keycdn.com/freak/
* https://infogr.am/https_sites_that_support_rsa_export_suites * https://infogr.am/https_sites_that_support_rsa_export_suites
* http://www.sitemeer.com/ * http://www.sitemeer.com/ {{Webarchive|url=https://archive.today/20150315074900/http://www.sitemeer.com/ |date=2015-03-15 }}


{{SSL/TLS}} {{SSL/TLS}}


] ]
]
] ]
] ]
] ]

Latest revision as of 15:53, 5 July 2024

Security exploit For the term referring to unusual people, see Freak. For other uses, see Freak (disambiguation).
FREAK
CVE identifier(s)CVE-2015-0204 (OpenSSL),

CVE-2015-1637 (Schannel),

CVE-2015-1067 (Secure Transport)
Date discoveredMarch 3, 2015; 9 years ago (2015-03-03)
DiscovererIMDEA Software Institute, INRIA, Microsoft Research
Affected softwareClient TLS libraries (including OpenSSL, Schannel and Secure Transport)

FREAK ("Factoring RSA Export Keys") is a security exploit of a cryptographic weakness in the SSL/TLS protocols introduced decades earlier for compliance with U.S. cryptography export regulations. These involved limiting exportable software to use only public key pairs with RSA moduli of 512 bits or fewer (so-called RSA EXPORT keys), with the intention of allowing them to be broken easily by the National Security Agency (NSA), but not by other organizations with lesser computing resources. However, by the early 2010s, increases in computing power meant that they could be broken by anyone with access to relatively modest computing resources using the well-known Number Field Sieve algorithm, using as little as $100 of cloud computing services. Combined with the ability of a man-in-the-middle attack to manipulate the initial cipher suite negotiation between the endpoints in the connection and the fact that the finished hash only depended on the master secret, this meant that a man-in-the-middle attack with only a modest amount of computation could break the security of any website that allowed the use of 512-bit export-grade keys. While the exploit was only discovered in 2015, its underlying vulnerabilities had been present for many years, dating back to the 1990s.

Vulnerability

The flaw was found by researchers from IMDEA Software Institute, INRIA and Microsoft Research. The FREAK attack in OpenSSL has the identifier CVE-2015-0204.

Vulnerable software and devices included Apple's Safari web browser, the default browser in Google's Android operating system, Microsoft's Internet Explorer, and OpenSSL. Microsoft has also stated that its Schannel implementation of transport-layer encryption is vulnerable to a version of the FREAK attack in all versions of Microsoft Windows. The CVE ID for Microsoft's vulnerability in Schannel is CVE-2015-1637. The CVE ID for Apple's vulnerability in Secure Transport is CVE-2015-1067.

Sites affected by the vulnerability included the US federal government websites fbi.gov, whitehouse.gov and nsa.gov, with around 36% of HTTPS-using websites tested by one security group shown as being vulnerable to the exploit. Based on geolocation analysis using IP2Location LITE, 35% of vulnerable servers are located in the US.

Press reports of the exploit have described its effects as "potentially catastrophic" and an "unintended consequence" of US government efforts to control the spread of cryptographic technology.

As of March 2015, vendors were in the process of releasing new software that would fix the flaw. On March 9, 2015, Apple released security updates for both iOS 8 and OS X operating systems which fixed this flaw. On March 10, 2015, Microsoft released a patch which fixed this vulnerability for all supported versions of Windows (Server 2003, Vista and later). Google Chrome 41 and Opera 28 has also mitigated against this flaw. Mozilla Firefox is not vulnerable against this flaw.

The research paper explaining this flaw has been published at the 36th IEEE Symposium on Security and Privacy and has been awarded the Distinguished Paper award.

See also

References

  1. "The Dark Side of Microsoft Windows – Administrative..." BeyondTrust. Retrieved 2023-09-05.
  2. B. Beurdouche & al (2015-05-18). "A Messy State of the Union: Taming the Composite State Machines of TLS" (PDF). IEEE Security and Privacy 2015.
  3. ^ "State Machine AttACKs against TLS (SMACK TLS)". smacktls.com.
  4. "Vulnerability Summary for CVE-2015-0204". NIST. 20 February 2015.
  5. Thomas Fox-Brewster (2015-03-03). "What The FREAK? Why Android And iPhone Users Need To Pay Attention To The Latest Hot Vulnerability". Forbes.
  6. Steven J. Vaughan-Nichols (2015-03-03). "FREAK: Another day, another serious SSL security hole". ZDNet.
  7. Darren Pauli (6 March 2015). "All Microsoft Windows versions are vulnerable to FREAK". The Register.
  8. "Microsoft Security Advisory 3046015: Vulnerability in Schannel Could Allow Security Feature Bypass". Microsoft. March 5, 2015.
  9. "About the security content of iOS 8.2". apple.com. 23 January 2017.
  10. ^ Craig Timberg (2015-03-03). "'FREAK' flaw undermines security for Apple and Google users, researchers discover". Washington Post.
  11. ^ Dennis Fisher (2015-03-03). "New FREAK Attack Threatens Many SSL Clients". Threatpost.
  12. "FREAK Servers By Country". 2015-03-03.
  13. Dan Goodin (3 March 2015). ""FREAK" flaw in Android and Apple devices cripples HTTPS crypto protection". Ars Technica.
  14. "About Security Update 2015-002". Apple. March 9, 2015.
  15. "About the security content of iOS 8.2". Apple. March 9, 2015.
  16. "Microsoft Security Bulletin MS15-031 - Important". Microsoft. March 10, 2015.
  17. "Microsoft Admits Windows Users Are Vulnerable to FREAK Attacks". eweek.com. Archived from the original on April 8, 2015.
  18. "IEEE Distinguished Paper award for A Messy State of the Union: Taming the Composite State Machines of TLS". 2015-05-18.

External links

TLS and SSL
Protocols and technologies
Public-key infrastructure
See also
History
Implementations
Notaries
Vulnerabilities
Theory
Cipher
Protocol
Implementation
Categories: