Microsoft Corp. (NASDAQ:MSFT) has issued an advisory warning that Windows PCs are vulnerable to the “FREAK” attack. Researchers have found that the flaw affects a million computers with weak encryption, though the risk posed by the bug is low today.
FREAK stands for Factoring Attack on RSA-EXPORT Keys and was developed by the federal government for spying on users. The bug affects the SSL/TLS protocols and can be used to steal data when a user visits a website, putting users at risk of losing passwords and bank information. During the 1990s, the bug made its way into software abroad, and there were restrictions on 512-bit encryption.
However, the restrictions were later removed after criticism from the tech companies, though many still use a weak encryption method. Google, Apple and Microsoft have been slow in releasing patches to fix the flaw. Even encrypted websites might still seem protected while the user is being attacked.
Several browsers, including Apple’s Secure Transport and Android browsers, are at risk of the attack. However, Google Chrome and computers running stronger encryption methods like 1048-bit and 2048-bit encryption are not affected. Hackers could exploit a user in a few hours during the 1990s, and it could take several PCs to attack stronger encryption.
According to researchers, about 36 million users are at risk of the attack, though it is seen as a minor vulnerability. Though FREAK was around for many years, the French researchers at computer science lab INRIA notified governments around the world. The advisory comes at a time when FBI Director James Comey stated that companies should allow backdoors to decrypt information. However, Apple and Windows are likely to release patches by next week to fix the bug.