FREAK Frenzy: Router Manufacturer Re-uses Weak RSA Key 28,394 Times

Gobs of Routers Found to Be Vulnerable to FREAK Attack

Leave it to the Brits. Some researchers from Royal Holloway of the University of London were curious about how many devices they could find on the internet that were still vulnerable to a FREAK attack. The short answer: quite a lot – and they reported some other surprising (and unsettling) results as well.

Wait, What’s a FREAK Attack Again?

Basically, it refers to a technique that black hats can use to weaken the SSL/TLS encryption protocol used to secure communications on the internet. With a little hacker magic (and malicious intent) it’s possible to force a site or device that hasn’t been updated to use obsolete 512-bit encryption, which is easily cracked these days. The FREAK exploit was announced back on March 3, but quite a few people and organizations still haven’t updated to protect themselves from the vulnerability. Just how many is what these researchers wanted to find out.

How Many Devices Are Still Open?

So how many devices are still vulnerable to a FREAK attack? Well, the University of London researchers ran their investigation to find this out. According to IT World:

They found that 9.7 percent of nearly 23 million hosts, or around 2.2 million, are still accepting 512-bit keys, a surprising number considering the seriousness of FREAK and that more than two weeks has passed since it was made public. But the researchers also came across an astonishing find: many hosts—which could be servers or other Internet-connected devices—share the same 512-bit public key, Paterson said.

So apart from the FREAK vulnerability itself, they found something even more startling-  28,394 routers running a SSL VPN module that all use the exact same 512-bit public RSA key – the kind that can be cracked really, really easily.

28,394 Routers Share a Public Key?

Here’s what they wrote in their FREAK scan Whitepaper last week:

We observed 664,336 duplicate moduli in the set of 2,215,504 512-bit moduli obtained from our scanning. One single modulus was found 28,394 times, two further moduli arose more than 1,000 times each and a total of 1,176 moduli were seen 100 times or more each. We did not investigate the high replication rate of these moduli, except for the modulus occurring 28,394 times which corresponds to a router with an SSL VPN module. These repeated moduli would be attractive targets for direct factoring. For example, spending $100 on factoring the most repeated modulus would enable a per-host breaking cost of only 0.3 cents for all the hosts using this modulus.

Yes. Nearly three weeks after being announced, quite a few routers are still using 512-bit encryption, which can be cracked with around $100 of computing time. Even worse, because the 28,394 routers all use the same encryption key, once the black hats have cracked one, they’ve cracked them all – and at a very reasonable price per piece of hardware.

The SSL Takeaway

We have two things we want to bring up in regards to this new info about FREAK vulnerabilities still in the wild. First, unique keys are absolutely essential for security. If you remember, one of the big reasons Superfish was so awful was that they reused the same SSL certificate and made it super simple for black hats to cause havoc and mayhem.

Second, did you notice how quickly the security researchers were able to crack 512-bit keys? Moore’s Law is real. Technology is advancing at an accelerated pace, and you shouldn’t still be using a 512-bit key to try to protect anything. Make sure you double check your network and browsers to ensure you’re not still vulnerable to FREAK.

What do you think? Leave us a comment below and share your opinion. We love to hear from our readers!