While the whole world was worried about the FREAK vulnerability in browsers, hundreds of popular Android and iOS apps are still vulnerable to the flaw. FREAK man-in-the-middle attacks are the result of security loopholes left open about 20 years ago. FREAK is a cryptographic weakness that lets attackers force data travelling between an exposed client and servers that use the affected encryption protocols onto weakened encryption.
Recent research by FireEye analyzed more than 25,000 of the most popular Android and iOS apps and found that 2,000 of them are still vulnerable to FREAK attacks. The research shows that, in spite of the fixes issued by Apple and Google, users remain at risk of these man-in-the-middle attacks.
Researchers Hui Xue, Yulong Zhang, Tao Wei and Zhaofeng Chen scanned these apps and found that the condition of Android apps was worse. These Android and iOS applications have been downloaded more than six billion times.
Researchers wrote in the web release:
“After scanning 10,985 popular Google Play Android apps with more than 1 million downloads each, we found 1228 (11.2%) of them are vulnerable to a FREAK attack because they use a vulnerable OpenSSL library to connect to vulnerable HTTPS servers.
On the iOS side, 771 out of 14,079 (5.5%) popular iOS apps connect to vulnerable HTTPS servers.”
As for the wider consequences of the FREAK attack, people earlier thought that machines running Microsoft Windows were immune to this encryption flaw, but that was found to be false. This SSL and TLS security flaw isn’t limited to Android and Apple; the FREAK vulnerability is present in Microsoft’s SChannel stack too.
These days, Android and iOS apps are becoming the chief target of attackers. The FREAK vulnerability poses a severe threat to mobile privacy and security. With that in mind, app developers and biggies like Google and Apple must fix these bugs as soon as possible.