Hundreds of Android apps are still exposed to the FREAK vulnerability

According to network security company FireEye, about 1,228 Android apps that have been downloaded 6.3 billion times from the Google Play store are still vulnerable to the FREAK bug. The company published its research on Tuesday and noted that both Android and iOS apps remain vulnerable to a FREAK attack.

FREAK lets an attacker force the connection between a vulnerable client (a website visitor or an operating system) and a server to use weak, export-grade encryption. Combined with a man-in-the-middle attack, it allows the attacker to intercept and decrypt the data, because the user is unknowingly using a lower level of encryption than the one they trust.

FireEye states that the latest versions of both the Android and iOS platforms are affected by the issue. Although Google and Apple have issued patches, these apps may still be vulnerable when connecting to servers that accept RSA_EXPORT cipher suites.
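The practical check that follows from this, as an added example that is not from FireEye or the original article: classify a list of cipher suites (here a constructed sample, in both IANA and OpenSSL naming) for export-grade entries, and build a Python client TLS context that refuses them, verifying that nothing export-grade or below 128 bits remains enabled.

```python
import ssl

# Constructed sample: suites as they might appear in an audit of what a
# server advertises (IANA names plus one OpenSSL short name).
SAMPLE_SERVER_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "EXP-RC2-CBC-MD5",  # OpenSSL short name of an export suite
]


def is_export_suite(name: str) -> bool:
    """True if the suite name denotes a 40/56-bit export-grade suite.

    A FREAK downgrade only succeeds if one side accepts such a suite, so a
    single hit is a finding regardless of the rest of the list.
    """
    n = name.upper()
    return "_EXPORT_" in n or n.startswith("EXP-") or n.startswith("EXP1024-")


def export_suites(suites) -> list:
    """Return the export-grade entries from an advertised suite list."""
    return [s for s in suites if is_export_suite(s)]


def hardened_client_context() -> ssl.SSLContext:
    """Client context that refuses export, NULL, anonymous and legacy suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL-style list for TLS 1.2: only ECDHE + AEAD suites. '!EXPORT'
    # excludes export-grade suites on builds that still ship them; current
    # OpenSSL builds removed them entirely, and unknown words are ignored.
    ctx.set_ciphers(
        "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5"
    )
    return ctx


def weak_suites_in_context(ctx: ssl.SSLContext) -> list:
    """Names of enabled suites that are export-grade or below 128 bits."""
    return [
        c["name"]
        for c in ctx.get_ciphers()
        if is_export_suite(c["name"]) or c["strength_bits"] < 128
    ]
```

Running `export_suites(SAMPLE_SERVER_SUITES)` flags the three export entries, and `weak_suites_in_context(hardened_client_context())` should come back empty on any current OpenSSL build.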

Researchers Yulong Zhang, Hui Xue, Tao Wei and Zhaofeng Chen went through the Google Play app store to find out how severe the FREAK vulnerability still is. The team scrutinized around 10,985 popular apps with over one million downloads each and found that 11.2 percent of them, 1,228 apps in total, are still vulnerable to the bug because they “use a vulnerable OpenSSL library to connect to vulnerable HTTPS servers.”

About 664 of these apps use Android’s bundled OpenSSL library and 554 rely on custom libraries.

According to the security researchers, 771 out of 14,079 popular iOS apps (5.5 percent) connect to vulnerable services and are therefore exposed to FREAK attacks on iOS versions below 8.2, which has been patched. Moreover, 771 apps ship their own vulnerable versions of OpenSSL and remain vulnerable even on iOS 8.2.

“Without necessarily breaking the encryption in real time, the attacker can record weakly encrypted network traffic, decrypt it and access the sensitive information inside,” FireEye said. FREAK may be a devastating attack, as it could be used to leak credentials and credit card information. Furthermore, “medical apps, productivity apps and finance apps” are also believed to be vulnerable.
