What is a Freak SSL attack, what is the risk and how can you mitigate that risk?

In Cyberattacks, Support

What is it?

Secure Sockets Layer (SSL), and the more modern Transport Layer Security (TLS) are encryption/decryption techniques used by computers when transferring data; https web sites use this technology. There are several algorithms that can be used to do the de/encryption. When a client computer contacts a server computer, they negotiate which algorithm to use.

Factoring RSA Export Keys (FREAK) is an attack that tricks a server into using the less secure encryption algorithm (SSL3) so that the traffic can be easily decrypted by the attacker. The Robert Heaton link below explains how this attack works in more detail.

Why is it a risk?

“Weak encryption is about as good as no encryption, and any connection tricked in this way would essentially be plaintext to the attacker” — Robert Heaton, (link below)

An attacker who can decrypt traffic travelling through a device can create a man-in-the-middle attack to either eavesdrop on communications (think banking information) or alter communications (think virus infection).

WiFi routers are especially attractive to attackers.

The OpenSSL vulnerabilities link below lists all known SSL vulnerabilities since 2002 and their severity.

How can you mitigate the risk?

To mitigate this kind of attack you must disable SSL on your equipment, only allowing the more secure TLS.

The digi77 link below provides links to tests for BEAST, HEARTBLEED, POODLE, DROWN and FREAK (client browser SSL) which you can use to determine if your server or client is vulnerable.

OpenSSL, link below, strongly recommends that you upgrade your server to version 1.1.1j if possible. If your system must be compliant with Federal Information Processing Standards (FIPS), then you should update to version 1.0.2 and follow additional configuration.