EditorRecently Microsoft has confirmed that its windows PCs are at risk of being exploited by the FREAK which is an HTTPS exploit. FREAK is known to have affected a number of apple and android devices till now. Microsoft disclosed the bug this Monday and it was initially thought that the systems won’t be impacted by it. The exploit is around 10 years old and using it the attackers can easily decrypt the traffic of their target. The exploitation begins by sending more than one HTTPS connection between the websites and the users. The attack takes place when the user of a vulnerable system connects to the website that is HTTPS protected. Such websites using weak ciphers are at the most risk. FREAK is abbreviated form for “factoring attack on RSA – Export keys” and allows the attacker to monitor the traffic of a website and introduce dirty packets in the flow that forces the system to use 512 – bit encryption that is quite weak. Through this weak communication the details can be gathered by the attackers by using cloud and get the private key of the website. The procedure costs around $100 and time required is 7 hours. After this the attacker seems like it is the official site you have been seeking. The attacker can now study and modify the site information.
Till now there is no patch available for theWindows OS. The scale of systems affected was discovered by the security researchers. It has been found that around 36 percent of total 14 million websites that are HTTPS secure have been using very weak ciphers. Updates that help resolve this issue have already been released by Google and Apple.
Mohith Agadi
Gollapalli Nithin Kumar
