FREAK Show Time Machine: Apple and Android SSL Open to Snoopers?

Yeah, the Hot Tub Time Machine movies weren’t as good as they could have been for some reason, but we’re going to be hopping in today. The recent announcement about OpenSSL, iOS and OS X tricked into using weak 1990s-grade encryption keys (h/t to El Reg) had us wondering if those in charge of security should be forced to listen to the Safety Dance song over and over again until it sinks in.

Safety Dance

Okay, that’s a stretch to cover our clever headline, but this really is a serious issue. Dubbed FREAK (Factoring RSA Export Keys), the flaw announced this week could cause trouble for a lot of people around the world. Basically, it’s possible to crack weak encryption using modern computer networks. In some cases, it could take as little as a couple of hours.

What makes this story a little different from others is that the root cause goes back to the 1990s, when government officials banned Americans from selling anything with encryption keys over 512 bits. The result of those actions has taken a while to come back and bite us, but they’re biting now, and it’s a bit worse than a POODLE attack.

“There is an important lesson here about the consequences of crypto policy decisions: the NSA’s actions in the ‘90s to weaken exportable cryptography boomeranged on the agency, undermining the security of its own site twenty years later,” said Canadian security expert Professor Ed Felton.

How the FREAK Attack Works

For a full analysis of the attack we have to thank Assistant Research Professor Matthew Green of Johns Hopkins University’s Information Security Institute in Maryland. He wrote:

  1. In the client’s Hello message, it asks for a standard ‘RSA’ ciphersuite.
  2. The MITM attacker changes this message to ask for ‘export RSA’.
  3. The server responds with a 512-bit export RSA key, signed with its long-term key.
  4. The client accepts this weak key due to the OpenSSL/SecureTransport bug.
  5. The attacker factors the RSA modulus to recover the corresponding RSA decryption key.
  6. When the client encrypts the ‘pre-master secret’ to the server, the attacker can now decrypt it to recover the TLS ‘master secret’.
  7. From here on out, the attacker sees plaintext and can inject anything it wants.

Ouch.

Are FREAK Patches Available?

Yes! Don’t freak out! (Sorry, I couldn’t resist.) If you recall, OpenSSL released a patch back in January. According to The Register, “Apple has said it will patch SecureTransport for OS X and iOS, and most operating systems bundling OpenSSL should rollout the fix soon enough if not already.”

You’ll also want to update all your other software as soon as updates are available, of course, but if you have anything with an old Android O/S embedded on it that you can’t update you’re out of luck. Just make sure you’re not passing sensitive data while using it.

Will This Happen Again?

Unfortunately, the government is still involving itself in information security technology. El Reg reminded us that NSA director Admiral Mike Rogers has said the term “backdoor” sounds “kind of shady,” but that’s just what they’re wanting to install in anything using encryption.

And if you follow our blog, you know that the Internet of Things is already here and set to boom in years ahead. Will you need strong encryption on your refrigerator – or your Smart TV? Maybe. Let’s hope policy and decisions being made today don’t have as big and negative an impact twenty years down the road as the attempt to control export of encryption decades ago is having on us now.

The SSL Takeaway

Politics shouldn’t play a role in decisions that could affect the safety and security of citizens in the future. In the case of only selling 512 bit or lower encryption software around the world in the 1990s, we’re just now feeling the effects.

This is also a reminder that it’s crucial to always keep your software and operating systems up to date at all times. Unfortunately, this isn’t always possible with some embedded systems, but if you can update the software on a device, you should as often as possible.

If you have a comment about Hot Tub Time Machine or the FREAK vulnerability, leave a comment below and share with us!