“FREAK” flaw in Android and Apple devices cripples HTTPS crypto protection
Bug forces millions of sites to use easily breakable key once thought to be dead.
Another week, another nasty widespread security bug to worry about. This one has apparently been around since the 90s.
Dubbed “FREAK” by the researchers who discovered it, the exploit allowed researchers (and hackers) to sniff traffic going to and from many otherwise encrypted websites, by fooling them to reduce the encryption level.
Sites affected includes banks, government, etc, etc.
Vulnerable devices; anything Android and iPhone. And Macs. This roughly means anything mobile or portable.
We need to stop assuming that carriers, WiFi and internet providers will provide us with a secure method of making calls or exchanging text messages.
We need to protect and authenticate the data in transit, and we need to build security in the applications, not just trust the network to handle it. And this is not difficult to implement. apptimate.io offer the necessary technology as a cloud service. A few lines of code and your data-in-transit from your app, service or thing is protected.
The post âFREAKâ flaw in Android and Apple devices cripples HTTPS crypto protection appeared first on Apptimate.