Android apps FREAK vulnerability

Earlier in March, researchers discovered a vulnerability in SSL implementations and named it “FREAK.” It allows an attacker to force an SSL connection to stop using 128-bit encryption and start using 40-bit encryption, which can be cracked in a few hours with commodity computers.

Attention to FREAK has focused on its impact on browser communication, but researchers at FireEye found a good number of mobile apps that are also vulnerable to the SSL flaw. After scanning 10,985 popular Android apps from the Google Play market, each with over 1 million downloads, the researchers found that 11.2% of them are vulnerable to a FREAK attack.

A similar analysis of 14,079 iOS apps revealed that 5.5% of them are vulnerable to FREAK.

While these statistics sound serious, exploiting the security flaw is not a piece of cake. An attacker needs to be in a position to sit on the traffic, and would then still need to decrypt the encrypted data they have captured. No one knows whether it will have a noticeable impact on individuals.