Thursday, 5 March 2015

Understanding and Fixing the FREAK Attack (CVE-2015-0204)

What is FREAK Attack?

FREAK is a new man-in-the-middle (MITM) vulnerability discovered by a group of cryptographers at INRIA, Microsoft Research and IMDEA .

FREAK stands for “Factoring RSA-EXPORT Keys".

An attack method known as Factoring RSA Export Keys (FREAK) could allow an unauthenticated, remote attacker the ability to perform a man-in-the-middle (MiTM) attack, to bypass security restrictions, and to gain access to sensitive information.

The attack leverages a vulnerability in OpenSSL in which RSA temporary keys could be downgraded due to weak export cipher suites. An unauthenticated, remote attacker with the ability to perform a MiTM attack between a vulnerable client and server could exploit this vulnerability to decrypt SSL/TLS communication and gain access to sensitive information, which could be leveraged to conduct further attacks.


FREAK Attack VIDEO



How it works?
The scenario works like this:
  1. Vulnerable client sends plaintext ClientHello message containing supported ciphersuites, none of which is EXPORT.
  2. Attacker intercepts the ClientHello and replaces the ciphersuites with EXPORT ones.
  3. The server selects one of the EXPORT ciphersuites and responds with the reduced-length export key. If the server is not configured to use EXPORT ciphersuites, then it issues a fatal alert instead, and the connection stops.
  4. The attacker modifies the ServerHello response to replace the EXPORT ciphersuite with the non-export version, but leaves the weak key alone.
  5. Because of the bug, the client accepts the export key and negotiates a weakened TLS connection.

How to check for SSL FREAK Vulnerability?
$ openssl s_client -connect www.example.com:443 -cipher EXPORT

A handshake failure signifies that EXPORT cipher is not active on the server and it is safe.

(or)

http://www.freakattacktest.tk/index.html
https://tools.keycdn.com/freak 

Proof-of-Concept:

                                                          fig (a) As you can see there is no Handshake error


                                    fig (b) Handshake failure indicates that Export cipher is disabled

How to fix?
Upgrade the OpenSSL version to at least 1.02

Reference:
https://freakattack.com