The Apple logo is pictured on the front of a retail store in the Marina
neighborhood in San Francisco, California April 23, 2014.
Credit: Reuters/Robert Galbraith
The vulnerability in web encryption technology could enable attackers to spy on communications of users with vulnerable software, including Apple's Safari browser and Google Inc's (GOOGL.O) Android browser, according to researchers who uncovered the flaw.
A representative for Google said he had no immediate comment.
The Washington Post reported that the bug left users of Apple and Google devices vulnerable to cyberattack when visiting hundreds of thousands of websites, including Whitehouse.gov, NSA.gov and FBI.gov. http:
Whitehouse.gov and FBI.gov have been fixed, but NSA.gov remains vulnerable, the paper cited Johns Hopkins cryptographer Matthew D. Green as saying.
A group of nine researchers discovered that they could force web browsers to use an form of encryption that was intentionally weakened to comply with U.S. government regulations that ban American companies from exporting the strongest encryption standards, according to the paper.
Once they caused the site to use the weaker encryption standard, they were then able to break the encryption within a few hours. That could allow hackers to steal data and potentially launch attacks on the sites themselves by taking over elements on a page, the newspaper reported.
The group of researchers dubbed the flaw Freak, for "Factoring RSA-EXPORT Keys," according to a website where they described the vulnerability.
~ Jim Finkle
0 comments:
Post a Comment