Apple’s and Google’s platforms are vulnerable to the recently discovered “FREAK attack,” according to a report from ABC News. As of now, however, there is no proof that any hacker has taken advantage of this security flaw.
Old policy decision haunting now
In recent weeks, researchers found they could force browsers to use weaker encryption and then crack it easily in a few hours. This security flaw could allow hackers to steal sensitive information, and they could even launch a broader attack on websites by controlling elements on a page. According to the researchers, the flaw arises from an old government policy, scrapped over a decade ago, that required U.S. software makers to use weaker security in encryption programs sold overseas due to national security concerns.
“This was a policy decision made 20 years ago and it’s now coming back to bite us,” Edward Felten, a professor of computer science and public affairs at Princeton, told ABC News.
Experts at various research institutes said on Tuesday that various popular websites and some internet browsers are still accepting the weaker software. The researchers noted that this makes it simpler for hackers to breach the encryption that is designed to safeguard against digital eavesdropping when a visitor types sensitive information into a website.
Apple, Google firm on resolving the issue
As of Tuesday, around one-third of encrypted websites were vulnerable to such an attack, including sites operated by American Express, Groupon, Kohl’s, Marriott and some government agencies, according to the researchers. University of Michigan computer scientist Zakir Durumeric said the vulnerability affects Apple’s web browser and the browser built into Google’s Android software, but not Google’s Chrome browser or the current browsers from Microsoft or Firefox-maker Mozilla.
Apple and Google announced on Tuesday that they had designed software updates to fix the “FREAK attack” issue. The Cupertino, Calif.-based company said it will resolve the issue by next week, while Google said it had already offered the update to device makers and wireless carriers.
Apart from these two big tech firms, various other operators are also trying to find a remedy, according to Matthew Green, a computer security researcher at Johns Hopkins University.