FREAK security hole: Passwords on Android and iOS apps at risk

At first, we thought the FREAK security vulnerability was isolated to Internet browsers. Then it became clear that Windows OS is vulnerable to FREAK attacks. The latest news is that the problem can also affect smartphones and mobile devices through apps on Android and iOS. The FREAK vulnerability is a security backdoor created by an old Clinton-administration-era government policy that required all exported software and hardware to have weak encryption keys. Obviously, the policy was passed without much foresight. FREAK attacks cripple HTTPS security, allowing sensitive data like passwords and credit card information to be snatched by hackers who know about the weakness.

These days, there are apps for everything, including shopping, finance, and medical data. All of this information can be seized by FREAK attacks if an app's server isn't using strong encryption along with other security protocols. According to the security researchers at FireEye, 1,228 Android apps and 771 iOS apps are vulnerable to FREAK attacks. These aren't bottom-of-the-barrel apps. Each of the affected Android apps has over 1 million downloads. Apps that connect to servers with weak 512-bit encryption are the most susceptible to attack.

Apple users might have noticed there is a new iOS update, 8.2. It includes a patch against FREAK, so go ahead and install it to keep your data more secure. The most recent browser updates offer similar patches, so stop putting off the update because you hate restarting your computer. These patches are an important part of blocking FREAK attacks, making it well worth your rebooting time.

If you are curious about your browser's vulnerability, you can use the FREAKattack tracking website to test your browser.

Source: Ars Technica