FREAK Vulnerability : SSL/TLS Vulnerability to Exploit Apple and Android

By -

FREAK Vulnerability : Android Penetration Testing a Must now .

The Freak Vulnerability leave Android and Apple users Unsecured . This is a Vulnerability in SSL/TLS that is not new and has left the Android and Apple users open to exploitation via MITM(Man in the middle attack) . The Freak Vulnerability leaves the Apple and Android users exposed to MITM and any secure traffic is completely to the exposure of the Hacker .
Freak Vulnerability is widespread and disastrous SSL/TLS vulnerability and has been uncovered for over a decade left Millions of users of Apple and Android devices vulnerable to man-in-the-middle attacks on encrypted traffic when they visited supposedly ‘secured’ websites, including the official websites of the White House, FBI and National Security Agency.

CVE-2015-0204

Dubbed the “FREAK” vulnerability (CVE-2015-0204) – also known as Factoring Attack on RSA-EXPORT Keys – enables hackers or intelligence agencies to force clients to use older, weaker encryption i.e. also known as the export-grade key or 512-bit RSA keys.
The FREAK vulnerability discovered by security researchers of French Institute for Research in Computer Science and Automation (Inria) and Microsoft, resides in OpenSSL versions 1.01k and earlier, and Apple’s Secure Transport.

Freak Vulnerability : From Penetration Testers View

How Freak Vulnerability Works ! (The very technical Description of the Freak Vulnerability)
  • In the client’s Hello message, it asks for a standard ‘RSA’ ciphersuite.
  • The MITM attacker changes this message to ask for ‘export RSA’.
  • The server responds with a 512-bit export RSA key, signed with its long-term key.
  • The client accepts this weak key due to the OpenSSL/Secure Transport bug.
  • The attacker factors the RSA modulus to recover the corresponding RSA decryption key.
  • When the client encrypts the ‘pre-master secret’ to the server, the attacker can now decrypt it to recover the TLS ‘master secret’.
  • From here on out, the attacker sees plain text and can inject anything it wants.

Who is Vulnerable to Freak ?

The FREAK attack is possible when a vulnerable browser connects to a susceptible web server—a server that accepts “export-grade” encryption.

Servers

Servers that accept RSA_EXPORT cipher suites put their users at risk from the FREAK attack. Using Internet-wide scanning, we have been performing daily tests of all HTTPS servers at public IP addresses to determine whether they allow this weakened encryption. More than a third of all servers with browser-trusted certificates are at risk.

Clients

Browsers are vulnerable to the FREAK attack because of bugs that allow an attacker to force them to use weak, export-grade encryption.  Far more browsers are vulnerable to the FREAK attack than was initially thought when the attack was announced. The client side bugs can also be identified via the penetration testing of the clients browser for Freak Vulnerability.

Remediation from Freak Vulnerability

On the Server Side

You should immediately disable support for TLS export cipher suites. While you’re at it, you should also disable other cipher suites that are known to be insecure and enable forward secrecy. For instructions on how to secure popular HTTPS server software, we recommend Mozilla’s security configuration guide and their SSL configuration generator.

On the Client Side (Browser)

Make sure you have the most recent version of your browser installed, and check for updates frequently. Updates that fix the FREAK attack should be available for all major browsers soon.

For SysAdmins and Developers

TLS libraries must be up to dateUnpatched OpenSSL Microsoft Schannel , andApple SecureTransport all suffer from the vulnerability. Note that these libraries are used internally by many other programs, such as wget and curl. You also need to ensure that your software does not offer export cipher suites, even as a last resort, since they can be exploited even if the TLS library is patched.

Comments

Post a Comment

Popular posts from this blog

Idea 4G Launch Offer - Preebook Idea 4G and Get 1GB 4G Data Absolutely Free

By -
Image
Idea 4G Launch Offer - Preebook Idea 4G and Get 1GB 4G Data Absolutely Free 4G, known as LTE (Long Term Evolution) is not just about high internet speed. It’s the 4th generation of mobile communication technology that is the latest and fastest gateway to mobile internet.  Idea is soon launching their 4G Service in India.  Get ready to welcome this new way of life with Idea 4G LTE! How to Get the  Offer  :- Visit Idea's offer page from here Select your State, City and fill the form with required details. Submit the form and you will get 1GB Data free when Idea 4G Is launched. Idea 4G  Features  :- With Idea 4G LTE you can stream HD videos and Live TV on the move,make seamless video calls,play multiplayer games online and upload/download all that you want faster than ever before. Get ready to welcome this new way of life with Idea 4G LTE!
Read more

crack Protected Wi Fi With Airoway and Wifislax

By -
Image
How to Crack a Wep Protected Wi Fi With Airoway and Wifislax 1   Obtain and burn WiFiSlax.   WiFiSlax is an operating system that you will be loading from a CD. It contains the tools necessary to crack WEP encryption on wireless networks. This only works with WEP encryption, not WPA/WPA2. WiFiSlax is available for free from the developer’s   website . Burn the .iso file that you downloaded to a blank CD. You can use any freeware image burning software to do this. Open the burning software, and select Burn Image. Browse for the .iso file that you downloaded. 2 Check your computer’s hardware.  In order to run this crack, you will need the IPW3945 chipset. To find out if your computer possesses the chipset, open the command line by clicking Start and then entering CMD into the Search or Run box. Once you have access to the command line, type "ipconfig /all". Look for "Intel PRO/Wireless 3945ABG Network Connection". This is a common...
Read more

Lost your Phone? You Can Still Retrieve its IMEI Number

By -
Image
Lost your Phone? You Can Still Retrieve its IMEI Number Y our mobile phone has a globally unique number associated with it, called the IMEI number, that uniquely identifies your device within the mobile network. If your phone gets lost or is stolen, you would need to provide this IMEI number to the law enforcement agencies and the telecom operator for them to blacklist your device and prevent anyone else from using your phone on their wireless network. As you probably know, it is relatively easy to find the IMEI number of your mobile phone. While there are apps that will help you retrieve this number with a tap, you don’t really need one. Just open the phone dialer, call  *#06#  and the IMEI number will be displayed on the phone’s screen. Alternatively, you can open device Settings – About Phone – Status and long-press the IMEI number to copy it to the clipboard. If you have however lost your phone but did not record the IMEI number beforehand, you can still retrieve ...
Read more