It has been revealed that a security flaw caused by the US government has left millions of Android and Apple users worldwide vulnerable to hackers. The flaw, known as the “FREAK attack”, is blamed on an old US government policy that was abandoned more than a decade ago. The policy forced US software makers to use weaker encryption in software sold overseas. The weaker encryption used a 512-bit code, which was once seen as cutting edge but has been crackable since 1999. Cracking this code would take a skilled hacker around seven to eight hours. The more advanced 1024-bit code used now would take a team of hackers at least a year to crack.
The vulnerability is known to affect Apple web browsers and the browser built into Google’s Android software. Google’s Chrome browser, current browsers from Microsoft and Firefox-maker Mozilla are not affected.
Researchers recently discovered that they can still trick browsers on Mac computers and Android phones and tablets into using the weaker encryption, which can then be cracked pretty easily. The researchers also mentioned that a third of encrypted websites are still vulnerable, with many popular websites and some internet browsers continuing to accept the weaker encryption or being tricked into using it.
Apple has said it will have a fix available next week, and Google said it has provided an update to device makers and wireless carriers, but it is not known if all Android devices will get this update. This could be the first of more security flaws due to US government policies, and hackers will be actively looking for more exploits.