What is the FREAK attack?
We use the HTTP protocol to browse the Internet and visit a website. When we type a URL in the browser, an HTTP request goes to the server, and the server responds with an appropriate HTML page. If we think about security, HTTP is an unsecured protocol. When data travels between the client and the server, it is unencrypted. As a result, it is not safe from attacks like the Man-In-The-Middle attack. So, we need some secure protocol to transfer sensitive data. For example, while transferring data for bank transactions, etc., we need a secure connection. And so, HTTPS was developed. (How does the HTTPS protocol work?)
HTTPS uses SSL/TLS (How does TLS protocol work?) for security. That means all data transferred between the server and the client or browser gets encrypted first and then transferred. First, a TLS connection is established between the server and client (browser), and a key is negotiated between them. And then, all data is encrypted with the key and sent over.
The FREAK attack is an attack in which the attacker exploits a vulnerability of SSL/TLS protocol and breaks the encryption to steal sensitive data transferred between the browser and the server.
How does the FREAK attack work?
Many a time, SSL/TLS protocol depends on RSA to transfer secret information between the browser and the server. Earlier, servers and clients used to use ‘export RSA’ instead of RSA. That would rely on 512-bit long, weaker export RSA encryption keys. Later, we stopped using ‘export RSA.’ But in many servers and browsers, the support for ‘export RSA’ remained.
The FREAK attack is an attack in which the attacker exploits this vulnerability and tricks the browser and the server into using ‘export RSA’ instead of a stronger RSA.
Let’s understand how the attack works.
- The browser uses HTTPS, which is HTTP over SSL/TLS, and tries to establish a secure connection to the server. For that reason, the browser sends a Client Hello message to the server and requests to use a standard, stronger RSA cipher suite.
- The attacker intercepts the conversation and replaces the RSA cipher suite message with ‘export RSA.’
- The server does not understand the trick and responds to the client with a 512-bit export RSA key signed with its certificate.
- The client (browser) also does not understand the trick and accepts ‘export RSA.’
- The communication starts using ‘export RSA.’
- The client and the server exchange pre-master secrets, i.e., the secrets on the encryption keys, using which the data will be encrypted further.
- The attacker easily breaks weaker export RSA encryption and gets the secret information.
- The attacker can now derive the secret keys using which the sensitive data will be encrypted and transferred between the browser and the server.
How to prevent FREAK attacks?
Almost all modern browsers have released security patches against the vulnerability of the FREAK attack. As per the security patches, modern browsers and servers removed the support for the ‘export RSA’ cipher suite, making our data more secure.
0 Comments