Computers which use Windows are vulnerable to what specialists call a FREAK attack. This type of attacks allows hackers to decrypt the traffic that is considered to be secure between the browser that the web browser uses and the visited site. In the beginning, Microsoft claimed that Windows cannot be attacked by hackers using such method, but they officials seem to acknowledge this vulnerability, as they have announced on their TechNet site.
“Microsoft is aware of a security feature bypass vulnerability in Secure Channel that affects all supported releases of Microsoft Windows. We are actively working with partners in our Microsoft Active Protections Program to provide information that they can use to provide broader protections to customers.”
wrote representatives of the company.
But what exactly is a FREAK attack?
It seems that FREAK is an abbreviation for Factoring attack on RSA-EXPORT Keys. This means you can be the victim of such an attack if you log onto a website whose HTTPS protection is vulnerable from a device which is disposed to be compromised.
But it looks like PCs are not the only products that could become victims of FREAK attacks. Android gadgets and iPhones were thought to be vulnerable to FREAK, before Microsoft made the official announcement of this problem.
A FREAK attack allows the hacker to inflict malicious packets, which can lead to use of a vulnerable 512-bit encryption key.
That is how hackers can extract information which has been exchanged through cloud-based computing.
Studies show that 36 percent out of 14 million HTTPS-protected websites support vulnerable cipher, which makes them possible victims of the FREAK attacks. However, FREAK may not be such an alarming problem at the moment, because companies like Microsoft, Apple or Google have not been rushing on developing patches in order to solve these inconveniences.
Still, there are things these companies have done. Google has worked to improve its version of Chrome for the Mac. Apple is expected to announce a patch next week. Microsoft said they work on developing a new security update regarding FREAK. They have also indicated that every PC using Windows and Internet Explorer is vulnerable to FREAK attacks.
Microsoft published advice in order to help costumers remove the vulnerability of their software. The company added that if the costumers apply the fixes they have indicated, there could be serious problems with the rest of the programs.
Microsoft added that until now they don`t have the information required to incriminate cybercriminals for the attack.
Image Source: The Next Web