Firstly, FREAK stands for "Factoring Attack on RSA-EXPORT Keys" and is officially designated as CVE-2015-0204. It is a weakness in some implementations of SSL/TLS that may allow an attacker (known as a man-in-the-middle attack) to decrypt secure communications between vulnerable clients and servers.
The new SSL/TLS vulnerability was announced on Tuesday, March 3, 2015, and allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption.
Being a man in the middle attack does make the likelihood of you being affected less likely, but if you travel and use free wifi you may put yourself in a position to be attacked. The FREAK attack is possible when a vulnerable browser connects to a susceptible web server—a server that accepts “export-grade” encryption.
The attack succeeds because it allows an attacker to force the browser to use a weaker export-grade encryption. The initial list of vulnerably browsers was:
- Internet Explorer (A patch should be available now).
- Chrome on MAC OS
- Chrome on Android
- Safari on Mac OS
- Safari on iOS
- Stock Android Browser
- Blackberry Browser
- Opera on Mac OS
So far Google has released an updated version of its Android OS and Chrome browser for OS X to mitigate the vulnerability while Microsoft has also released a security advisory that includes a workaround for supported Windows systems. For a full list of this years advisories, see here: Security Advisories for 2015
Who is at risk?
More than a third of all servers with browser-trusted certificates are at risk. Keep in mind this attack is not as severe as Heartbleed and POODLE but considering the number of affected servers don't underestimate the issue.
|Currently Vulnerable||Change Since Mar. 3|
|HTTPS servers at Alexa Top 1 Million domain names||9.5%||down from 12.2%|
|HTTPS servers with browser-trusted certificates||36.7%||unchanged|
|All HTTPS servers||26.3%||unchanged|
If you have a server that might be effected you can disable support for TLS export cipher suites. While you’re at it, you should also disable other cipher suites that are known to be insecure and enable forward secrecy. For a typically Apache webs server a vhost file will look like this:
<VirtualHost *:443> ... SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key SSLCACertificateFile /path/to/all_ca_certs # modern configuration, tweak to your needs SSLProtocol all -SSLv2 -SSLv3 -TLSv1 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK SSLHonorCipherOrder on # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always add Strict-Transport-Security "max-age=15768000" ... </VirtualHost>
What do I need to do?
For instructions on how to secure popular HTTPS server software, we recommend Mozilla’s security configuration guide and their SSL configuration generator. Basically, you need to remove/disable SSL protocol support and support for TLS v1
Testing a Server
open a terminal session on a Linux workstation with OpenSSL installed and attempt to connect to your target also specify the cipher to use, in this case "EXPORT". If it fails to renegotiate you should get the following output:
$ openssl s_client -connect www.conetix.com.au:443 -cipher EXPORT CONNECTED(00000003) 139895902082720:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 111 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE ---
Clients - Test your browser!
You can test your browser here: https://freakattack.com/ on the first line the site will tell you if you are vulnerable!
If you are vulnerable, you need to patch your web browser.