ADVISORY: Servers that use SSL/TLS, Android & Apple devices impacted by FREAK attack

Friday, March 6, 2015

3/6/15 update: It has been discovered that computers running all versions of Microsoft Windows that are supported by Microsoft are vulnerable to FREAK. Windows computers should also be updated as soon as updates are available.


This information was sent to the U-M IT Security Community via email March 4, 2015.

This message is intended for U-M IT staff who are responsible for maintaining and running university servers and workstations, as well as those who provide support for users of Android and Apple (iOS and Mac OS X) devices.

Summary: 

This vulnerability may, under certain conditions, allow attackers to intercept HTTPS connections between vulnerable clients and servers and decrypt or alter them. This is being referred to as the FREAK attack (Factoring attack on RSA-export Keys). Although the vulnerability is widespread, it is not trivial to conduct a FREAK attack and widespread exploitation appears to be unlikely in the near future.

Android and Apple devices are impacted, and users should install updates when they become available. Those who manage servers that use SSL/TLS and support RSA export keys should take the actions listed below in this message.

Problem: 

There is a bug in older versions of OpenSSL and in Apple's Secure Transport TLS library that allows web browsers to accept insecure (export-grade) RSA keys.

Affected Systems:

  • Servers (web servers, email servers, load balancers) that use SSL/TLS and support RSA export keys.
  • Android devices and Apple devices (iOS and Mac OS X).

Action Items:

People responsible for any service that uses SSL/TLS should:

  • Review supported ciphers
  • Disable insecure ciphers, including the vulnerable RSA Export Keys.
  • Patch or upgrade versions of OpenSSL older than:
    • OpenSSL 1.0.1k DTLS
    • OpenSSL 1.0.0p DTLS
    • OpenSSL 0.9.8zd DTLS

People responsible for managing Apple iOS and Mac OS X devices should apply security updates quickly after they become available.

Make changes to test environments and conduct appropriate testing first before making changes to production services.

Threats: 

A secure connection could be forced into accepting an insecure cryptographic key and would then be vulnerable to a man-in-the-middle attack. The man-in-the-middle attacker can then alter information on the affected website in order to steal passwords and other personal information.

Technical Details: 

A person browsing the web on an Android, Apple iOS, or Mac OS X device could have a secure connection made vulnerable to a man-in-the-middle attack if the server accepts old and insecure RSA export cipher suites. A bug in OpenSSL versions older than 1.0.1k, 1.0.0p, and 0.9.8zd, and in Apple's Secure Transport TLS, allows connections to be silently downgraded to the weak RSA export cipher suites rather than newer, secure cipher suites.

Detection:

  • Determine if your website is vulnerable using the SSL Labs' SSL Server Test.
  • Visit FreakAttack.com to see if your browser is vulnerable and for a list of affected, vulnerable sites.
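
The downgrade described under Technical Details and the server-side check under Detection, as an added example that is not part of this advisory or of any OpenSSL or Apple code: a Python parser that takes a captured TLS ServerHello record and reports whether the server selected one of the RSA export cipher suites FREAK relies on. The suite codes are from the IANA TLS cipher suite registry (a subset, chosen here), and the sample records are constructed inline.

```python
from typing import Optional
import struct

# IANA cipher suite codes for the RSA export-grade suites FREAK downgrades to
# (a constructed subset chosen for this example; extend as needed).
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def server_hello_cipher(record: bytes) -> int:
    """Return the cipher suite the server selected in a TLS ServerHello record."""
    # TLS record header: content type (0x16 = handshake), version, 2-byte length.
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    # Handshake header: message type (0x02 = ServerHello), 3-byte length.
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated ServerHello")
    # ServerHello body: version(2) random(32) session_id<0..32> cipher_suite(2).
    pos = 2 + 32
    if len(hello) < pos + 1 or pos + 1 + hello[pos] + 2 > len(hello):
        raise ValueError("ServerHello too short to hold a cipher_suite")
    pos += 1 + hello[pos]
    return struct.unpack("!H", hello[pos:pos + 2])[0]

def freak_downgrade(record: bytes) -> Optional[str]:
    """Name of the export suite if the server chose one, else None."""
    return EXPORT_SUITES.get(server_hello_cipher(record))

def build_server_hello(cipher: int, session_id: bytes = b"") -> bytes:
    """Constructed sample input: a minimal TLS 1.0 ServerHello record."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!H", cipher) + b"\x00")  # null compression method
    body = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(body)) + body

if __name__ == "__main__":
    # 0x0003 is an export suite; 0x002F (TLS_RSA_WITH_AES_128_CBC_SHA) is not.
    for code in (0x0003, 0x002F):
        print(hex(code), freak_downgrade(build_server_hello(code)))
```

Run against ServerHello records pulled from a packet capture of your own servers: any non-None result means the server still negotiates an export suite and the cipher list needs the corrections listed under Action Items.
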
Information for Users: 

If you keep your software and apps up-to-date, you don't need to do anything special to protect your devices from this attack. If you own an Android device, iOS device (iPhone or iPad), or Mac computer, install updates to the OS when they become available.

In general, the best protection for your devices is this:

  • Keep your software and apps up-to-date.
  • Do not click suspicious links in email.
  • Do not open email attachments unless you are expecting them and trust the person who sent them.
  • Use a secure Internet connection whenever you connect to the Internet.

For more information, see Spam, Phishing, and Suspicious Email and Instructions for Securing Your Devices and Data on the U-M Safe Computing website.

Questions, Concerns, Reports: 

Please contact iia.inform@umich.edu.

Sincerely, 
Sol Bermann, 
Interim University of Michigan Chief Information Security Officer 
Privacy Officer and IT Policy, Compliance and Enterprise Continuity Strategist