Thursday, March 5, 2015

Phones And Websites Are Vulnerable To Hackers, Courtesy Outdated Encryption Keys!

 A government policy prohibited export of products with strong encryption in the 90s. Now due to that policy, users of Android and Apple phones have become prone to hacks. Last month researchers discovered that millions of devices and websites are using an outdated encryption key to secure communications.
encryption,  Android, Apple, security vulnerability,  Clinton government mandate,  weak cryptography, poor encryption keys, NSA, FBI, Freak vulnerability



This weak key is an outcome of a mandate from the Clinton government. This mandate makes software and hardware makers use poor cryptography in products which are exported outside the U.S. Once the restrictions were lifted in the late 90s and then several tech agencies abandoned the weak cryptography. But researchers' observation shows the old keys are still used in several modern devices and websites.

This discovery has been made after officials in the U.S. and Britain start forcing tech firms to create back doors for law enforcement agencies into the new hard-to-crack encryption used in the new products. These back doors can be exploited by hackers too in order to seize communications, keeping general customers at high risk level. NSA and FBI had urged several tech companies to keep a back door open for law enforcement agencies.

Till now, hackers have not exploited this flaw and tech companies are also working hard to fix the issues. On Wednesday, Apple said the vulnerability will be patched through software updates for both iOS and Mac OS X next week. Google also said that a patch has already been developed to protect Android connections to websites and the patch has been shared with Android manufacturers too. BlackBerry and Amazon products are also affected by the flaw, though their views on the same are not known yet.

A list of the vulnerable websites and services is being shared on a website . The vulnerability has been named Freak and it can be used to crack a 512-bit encryption key in seven hours. 



Courtesy:- efytymes

No comments:

Post a Comment