FREAK Attacks Can Hurt Android and Apple Users, Blockchain Networks May Be a Remedy

Published at: March 7, 2015

A group of researchers in miTLS team have found a new vulnerability in the SSL/TLS protocol. This vulnerability is called FREAK, and it concerns Apple and Android users.  The remedy has not been found yet, but decentralized networks on the blockchain model could prevent similar cyber security attacks in the future.

 Many cyberattacks are due to single point of failures. Users easily trust and use different services in digital world without being aware of threats and vulnerabilities of these services. One of the most useful and common protocols in internet in which most of the banks and services rely on, is Secure Sockets Layer (SSL) which is known as https by most internet users.

Some of the miTLS team, in a joint project between Microsoft Research and INRIA, have recently found a new vulnerability in SSL/TLS protocol. This protocol establishes a secure connection between client and server by generating a private and public key pair for clients after a few handshakes between client and server which involves sending and receiving a few messages between the two parties. Meanwhile if there is an attacker intercepting this communication channel, the attacker is able to initiate different attacks. These attacks are categorized as man-in-the-middle-attacks in computer networks.

In SSL the generated key should be large enough to make it almost impossible for hackers to break and find the key. Thus it is normally uses a 2048 bits key size. However there is an encryption suites called “export-grade” that some servers use which involves keys no more than 512 bits size. This suite was actually implemented in 1990s when US government banned selling cryptographic software overseas unless it used the export-grade suite, presumed to be breakable by NSA.

The miTLS team, after analyzing different attack scenarios on different servers, realized that many servers accept export-grade RSA in their implementation. Some clients use a reduced implementation of SSL/TLS in their handshake process such as OpenSSL and Apple’s Secure Transport which makes them vulnerable to these man in the middle attacks. In these situations, an adversary can get the client’s request to the server and send the server a request for export-grade keys. After they receive the keys they can start breaking the keys on their own PC, which roughly takes 2 weeks. Faster versions could use services such as Amazon’s cloud service to break the key, which would take only a few hours.

This vulnerability in SSL/TLS protocol is called “FREAK”, which stands for Factoring RSA Export Apple and Android Keys. Apple announced that they are going to fix this issue in their next patch, but Android users should rely on their service providers, as there is no patch to be released by Google about this matter just yet. Microsoft also said that its implementation of SSL/TLS in all versions of Windows is vulnerable to this attack.

The technical description about the attack is written in the upcoming research draft paper to be presented at IEEE Security and Privacy 2015. Users can use this link to test any website and find whether out whether the website is vulnerable to FREAK attacks or not.

Man-in-the-middle attacks are a common scenario, and a powerful attack on any client. An adversary impersonates both parties in the communication and eavesdrops on all messages, making both parties believe that they are communicating with each other while the adversary manipulates them both. This is a common attack however, and there are some measures you can take as precaution.

Bitcoin has a perfect solution for these scenarios with its blockchain technology. A ledger that is kept by all the parties that can store different information. Would this man-in-the-middle attack on SSL happen if clients had all the records of a server in a distributed ledger like we have in Bitcoin? Obviously the client could have easily noticed that someone was impersonating the server, and therefore he could terminate the communication. Distributed, decentralized networks with the blockchain model have so much to offer, and could help prevent many similar cyber security attacks.

Did you enjoy this article? You may also be interested in reading these ones:

Internet-Wide SSLv3 Vulnerability Exposed: Google and BitMEX Offer Fixes OpalCoin Developer: Hacker Used Fake-Wallet Attack to Steal 17% of Supply Blockchain Technology Could Have Prevented Louisiana’s Deadly Bacteria Leak
Tags
Blockchain
Android
Apple
Related Posts
Telegram’s Blockchain OS Could Soon Appear in App Stores
Google Play market and Apple's AppStore will reportedly soon feature the Telegram Open Network (TON) operating system (OS), an end-to-end open-source infrastructure that allows developers and users to work with the TON blockchain. The TON OS will soon become available on smartphones and personal computers for mainstream users, a source close to Telegram told Russian news agency RBC on April 29. TON OS is not an alternative to existing operating systems, but will serve as an add-on for devices, making them able to support blockchain applications. Big plans for the future The source said that with TON OS, users can …
Technology / April 29, 2020
BitTorrent to Begin Alpha Testing Blockchain-Based Streaming Platform
Major file sharing company BitTorrent, a subsidiary of blockchain company Tron, is going to internally test its blockchain-based live streaming platform in Q3 2019. Platform overview BitTorrent announced the news in an official blog post on Aug. 27. According to the announcement, the streaming platform — called BitTorrent Live (BLive) — supports live video content and an instant messaging service. Additionally, its underlying system reportedly contains a top user chart and a user relationship feature. BitTorrent intends to roll out BLive in alpha, beta and full versions from Q3 2019 to Q1 2020. The current alpha version features a small …
Blockchain / Aug. 28, 2019
Crypto Exchange With 2 Million Users Launches Apps for Apple and Android Devices
A crypto exchange that claims it has amassed more than 2 million registered users in the space of four months has released new apps for Android and Apple smartphones. As well as supporting transactions in a multitude of cryptocurrencies, Bitsdaq says its app offers real-time updates on movements in the markets — and enables users to make withdrawals and deposits quickly. The software is currently available in English, simplified Chinese and traditional Chinese. With the crypto exchange market growing increasingly congested, Bitsdaq says many platforms have been suffering from poor levels of platform security, inefficient liquidity, disappointing customer service and …
Blockchain / June 7, 2019
Game On! ‘Crypto Arcade Playground’ to Help Indie Developers Compete With Giant Studios
For small indie game developers, the advent of Apple’s App Store and Google Play has proven to be both a blessing and a curse. While one-man bands were able to upstage some of the world’s largest game publishers initially – Flappy Bird, anyone? – established studios have started to catch up, with competition in the marketplace rife and high commission fees eating into already tight profit margins. However, a decentralized “crypto arcade playground” is hoping to help smaller creators survive and succeed by enabling them to target gamers through blockchain – giving them a chance to market and monetize their …
Blockchain / Oct. 1, 2018
Blockchain Platform to Challenge App Stores With ‘Borderless Payments’
A new platform is going to allow anyone to establish their own eCommerce content store and receive payments from anywhere in the world – reducing costs for their consumers and opening the door to fast-growing emerging markets. The platform would allow service providers and other entreprises to build up applications or services on it’s blockchain. Bezant claims that many small businesses and individuals are missing out on opportunities to thrive because they cannot accept alternative payment methods. Credit cards and bank transfers are the most commonly used and accepted means of payment worldwide, but unbanked consumers without access to these …
Blockchain / June 19, 2018