Encryption flaw opened Android and Apple smartphones to online drive-by attacks

Smartphones easily 'pwned' due to OpenSSL flaw that tricked devices into using decades-old encryption standard

Ninety-five per cent of the world's smartphones in use today have been wide open to a decade-old flaw that would have enabled attackers to steal passwords and other sensitive data.

The security flaw, dubbed "Freak", would have exposed visitors to US government websites - and possibly many more - to drive-by attacks. The affected websites included Whitehouse.gov, NSA.gov and FBI.gov.

News of the flaw was made public when internet company Akamai revealed in a corporate blog for customers that it was working to provide a fix. The flaw came to light following last year's discovery of a catastrophic flaw in OpenSSL.

"The problem is that, until CVE 2015-0204 was raised - and fixed - an OpenSSL client using strong ciphers (anything other than export) could be tricked into accepting such a weak key. An attacker connects to the web server with an export cipher and gets a message signed with the weak RSA key," wrote Akamai's Rich Salz.

He continued: "He then cracks that key. The following day, for future connections from innocent browsers, he can act as a man in the middle. The attacker will use the cracked key to connect to clients, who will accept it. The attacker will then have access to all communication between the client and server. A server that does not support the export ciphers will never use the export RSA key and never send it to a client. A client that has the CVE fixed will never accept such a key."

The security flaw was found by a team of researchers from Microsoft and IT security organisations in the US, France and Spain. It was the result of a ban on US exports of "strong" encryption until the late 1990s, which saw much weaker security standards adopted in widely used software instead. The use of that software continued as a result of inertia in the IT industry, even after the US export ban was lifted.

"Researchers discovered in recent weeks that they could force browsers to use the old export-grade encryption then crack it over the course of just a few hours. Once cracked, hackers could steal passwords and other personal information and potentially launch a broader attack on the Web sites themselves by taking over elements on a page, such as a Facebook 'Like' button," reported the Washington Post.

Johns Hopkins University cryptographer Matthew Green, one of the researchers who helped uncover the flaw, said that it demonstrated the folly of governments' attempts to mandate backdoors into secure software so that they could eavesdrop on people's online activities and communications.

Weakening security, he said, added complexity that attackers with nefarious intent could - and would - exploit. "When we say this is going to make things weaker, we're saying this for a reason."

The name "Freak" stands for "factoring related attack on RSA keys" and describes how the attack works against the Data Encryption Standard (DES) when one system authenticates with another.

While superficially strong, the 512-bit RSA encryption technology used for authentication purposes is fundamentally flawed, and the basic 56-bit DES encryption was phased out of mainstream use more than a decade ago. However, some websites can force devices to revert to this old standard and thereby crack the devices' security.

"More than a quarter of encrypted Web sites - including those bearing the 'lock' icon that signifies a connection secured by SSL technology - proved vulnerable to attack in recent tests conducted by University of Michigan researchers J. Alex Halderman and Zakir Durumeric," claimed the Washington Post.
