Android apps FREAK vulnerability

Earlier in March, researchers discovered a vulnerability in SSL implementations and named it “FREAK.” It allows an attacker to force SSL to stop using 128-bit encryption and start using 40-bit encryption, which could be cracked in a few hours with commodity computers.

Attention to FREAK has focused on its impact on browser communication, but researchers at FireEye found a good number of mobile apps that are also vulnerable to the SSL flaw. After scanning 10,985 popular Android apps from the Google Play market, each with over 1 million downloads, the researchers found that 11.2% of them are vulnerable to a FREAK attack.

A similar analysis of 14,079 iOS apps revealed that 5.5% of them are vulnerable to FREAK.

While these statistics sound serious, exploiting the security flaw is not a piece of cake. An attacker needs to be in a position to sit on the traffic, and would then still need to decrypt the encrypted traffic they captured. No one knows whether it will have a noticeable impact on individuals.
