Authored by a Symantec employee
A vulnerability dubbed “FREAK”, which could allow attackers to intercept and decrypt encrypted traffic between browsers and websites via a man-in-the-middle (MitM) attack, was discovered by researchers on March 3rd, 2015. Once an attacker has cracked the encryption, the attacker can steal passwords and other sensitive personal information.
This vulnerability has existed since the late 90s, as a forgotten part of the coding within many Google and Apple products. In addition to Google and Apple products, this vulnerability affects the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) security built into the web browser. These protocols encrypt data in transit between web browsers and servers (websites). You will know you are using them when you see HTTPS and the padlock in your browser’s URL bar. Hackers can force browsers to use an older, weaker form of encryption, which can then be cracked easily to decrypt messages.
Apple has stated “We have a fix in iOS and OS X that will be available in software updates next week.” Google also addressed the matter, saying that it has developed a patch for the Android operating system’s browser and has provided it to its partners, the companies that manufacture Android devices and are responsible for delivering operating system patches to them.
How To Stay Safe From This Vulnerability
Users of Google Android devices are advised to use the Chrome web browser rather than the default Android browser until a patch is issued. Users of Apple desktop and mobile devices should not use the Safari browser until the patch is issued.
Browsers such as Firefox or Chrome are not affected and can be used as a safe alternative.
To see if your favorite websites are affected by this vulnerability, you can use our free tool to check!
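For readers who want to see what such a site check looks at, here is an added Python example (not Symantec's tool and not code from the original article). It classifies the first TLS record a server returns when a test client offers only export-grade RSA cipher suites. That FREAK's "older, weaker form of encryption" means these 1990s export suites comes from the public disclosure rather than this article; the function names and sample bytes are constructed for the example.

```python
import struct

# RSA export-grade suites (values from the IANA TLS cipher suite registry).
EXPORT_RSA_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def classify_reply(record: bytes) -> str:
    """Classify a server's first TLS record after an export-only ClientHello."""
    if len(record) < 5:
        return "inconclusive: truncated record"
    ctype, _version, length = struct.unpack("!BHH", record[:5])
    body = record[5:5 + length]
    if len(body) < length:
        return "inconclusive: truncated record"
    if ctype == 21:  # alert record: the server refused every suite offered
        return "refused: export suites not accepted"
    if ctype != 22 or len(body) < 4 or body[0] != 2:  # handshake / ServerHello
        return "inconclusive: not a ServerHello"
    # ServerHello: type(1) len(3) version(2) random(32) sid_len(1) sid cipher(2)
    sid_len_off = 4 + 2 + 32
    if len(body) < sid_len_off + 1:
        return "inconclusive: truncated ServerHello"
    off = sid_len_off + 1 + body[sid_len_off]
    if len(body) < off + 2:
        return "inconclusive: truncated ServerHello"
    (suite,) = struct.unpack("!H", body[off:off + 2])
    name = EXPORT_RSA_SUITES.get(suite)
    if name:
        return f"weak: server selected {name}"
    return f"ok: server selected non-export suite 0x{suite:04x}"

def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Build a constructed TLS 1.0 ServerHello record for the demo."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!H", suite) + b"\x00")
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

# Constructed sample replies (not captured from any real server).
SAMPLE_WEAK = build_server_hello(0x0003, session_id=bytes(32))
SAMPLE_OK = build_server_hello(0x002F)  # TLS_RSA_WITH_AES_128_CBC_SHA
SAMPLE_ALERT = struct.pack("!BHH", 21, 0x0301, 2) + b"\x02\x28"  # handshake_failure

if __name__ == "__main__":
    for sample in (SAMPLE_WEAK, SAMPLE_OK, SAMPLE_ALERT):
        print(classify_reply(sample))
```

A "weak" result means the server still has export-grade suites enabled and they should be removed from its cipher configuration; "refused" is the result a correctly configured server gives.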