In the shadow of a major OpenSSL vulnerability scheduled to be announced tomorrow, lingering issues remain with mobile platforms and applications that still run versions of the crypto library vulnerable to FREAK attacks.
A report published Tuesday by FireEye paints a bleak picture of vulnerable versions of iOS and Android applications that have been downloaded in aggregate more than six billion times. This is still the case, FireEye said, even after Apple released a patch nine days ago rectifying the vulnerability in iOS.
“Even after vendors patch Android and iOS, such apps are still vulnerable to FREAK when connecting to servers that accept RSA_EXPORT cipher suites,” wrote researchers Yulong Zhang, Hui Xue, Tao Wei and Zhaofeng Chen. “That’s why some iOS apps are still vulnerable to FREAK attack after Apple fixed the iOS FREAK vulnerability in iOS 8.2 on March 9.”
The FREAK attack is possible because servers can be forced to downgrade and accept 512-bit RSA keys, which was the U.S. government-approved key strength for export overseas, a leftover artifact thought to have been abandoned long ago by most clients. An attacker in a man-in-the-middle position can intercept encrypted traffic and decrypt it using modest computing resources. A study released by Royal Holloway University of London this week demonstrated there are factors that reduce computation times and costs.
FireEye said it scanned 11,000 applications in Google Play that had been downloaded at least one million times each, and found 1,228 that were at risk because they were using a vulnerable OpenSSL library to connect to a vulnerable server. By the numbers, there were 664 using Android’s bundled OpenSSL library and 564 with a custom compiled library.
The problem is less severe on the iOS side with 771 of 14,000 apps scanned connecting to vulnerable HTTPS servers, FireEye said.
“These apps are vulnerable to FREAK attacks on iOS versions lower than 8.2,” the researchers wrote. “Seven of these 771 apps have their own vulnerable versions of OpenSSL and they remain vulnerable on iOS 8.2.”
Most of the vulnerable applications fall into categories that would affect user privacy and security, and include photo and video apps, lifestyle, social networking, health and fitness, finance, communication, shopping, business and medical apps.
The 512-bit keys are an artifact of the crypto wars; the U.S. government approved the weaker keys for export overseas. Most experts believed the weakened ciphersuites had been removed from most servers, but the disclosure made by Microsoft and the French National Institute for Research in Computer Science and Control showed that was not the case.
Royal Holloway’s study also showed that server admins and large technology providers have been moving quickly to eradicate the weaker ciphersuites. Original estimates had upwards of 26 percent of servers vulnerable to FREAK, but Royal Holloway estimates that number has dipped to around 11 percent.
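For administrators auditing a server for the RSA_EXPORT suites discussed above, the following added example (not code from FireEye or Royal Holloway) classifies the first TLS record of a server's reply and reports whether an RSA_EXPORT suite was selected. The function names and the sample records are constructed for illustration; the suite IDs are those defined in RFC 2246.

```python
import struct

# RSA_EXPORT suite IDs defined in RFC 2246; limited to 512-bit RSA keys.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def export_suite_selected(record: bytes):
    """Return the RSA_EXPORT suite name a server chose, or None.

    `record` is the first TLS record of the server's reply. An alert
    record (type 0x15) means the server refused the handshake.
    """
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    if ctype == 0x15:            # alert: handshake refused
        return None
    body = record[5:5 + rlen]
    if ctype != 0x16 or len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # Fixed prefix: server_version (2) + random (32) + session_id length (1).
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    offset = 35 + hello[34]      # skip the variable-length session_id
    if len(hello) < offset + 2:
        raise ValueError("truncated ServerHello")
    suite = int.from_bytes(hello[offset:offset + 2], "big")
    return RSA_EXPORT_SUITES.get(suite)

def sample_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Build a constructed TLS 1.0 ServerHello record for demonstration."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + suite.to_bytes(2, "big") + b"\x00")
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    for suite in (0x0003, 0x002F):
        print(hex(suite), export_suite_selected(sample_server_hello(suite)))
```

A result of `None` means the server either refused the handshake or chose a non-export suite; any returned name means the export suite should be removed from the server's configuration.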
FREAK exploits, however, have their limits, according to experts, because they require an attacker to actively interfere with a TLS connection, meaning they must already have some kind of access to a server. Tod Beardsley, engineering manager at Rapid7, said the practical effects of the bug are limited.
“Because of the active man-in-the-middle requirement, this bug can be pretty useful for spies who are targeting specific users in otherwise high security network environments,” he said. “It’s not very useful for typical Internet criminals, since there are much easier methods to redirect and gather user traffic at varying levels of sophistication.”