OpenSSL and Secure Transport, tools that provide secured HTTPS connections, may have flaws that would allow hackers to extract sensitive information. OpenSSL and Secure Transport encrypt online access to bank accounts and e-mail. OpenSSL is an open-source library used on Android and other devices. Secure Transport is used on Apple iOS and OS X products, including Safari.
“Vulnerable clients include many Google and Apple devices (which use unpatched OpenSSL), a large number of embedded systems, and many other software products that use TLS behind the scenes without disabling the vulnerable cryptographic suites.”
The encryption can be attacked by users on a shared network. The vulnerability exists as a result of bugs in OpenSSL and Secure Transport, which can be tricked into accepting short, and therefore easily cracked, encryption keys from servers. An estimated 36 percent of the most popular webpages, including government sites like the White House site and the NSA site, will drop down to short keys if attacked.
OpenSSL has provided fixes for the bug behind the vulnerability. Apple is expected to put out a patch for the Secure Transport bug as well. Users should update their software to remove the vulnerabilities. The bug is said to be low severity, but for users on older Android devices or with embedded devices that cannot be updated, accessing compromised servers may prove risky.
Read More – FREAK Out: Apple and Android SSL is Wide Open to Snoopers (The Register, Iain Thompson)