BlackBerry last to close "Freak" vulnerability
BlackBerry spokeswoman Kim Geiger said last week that the company is working on a software update to protect devices that could be affected by this OpenSSL exploit, which attacks both mobile and desktop browsers. So far, the company says it has not had one customer complain about being affected by "Freak."
Besides attacking elements on a website, the bug can allow hackers to steal your passwords and other personal information. Still, those in the security business say that the odds of users facing an attack from "Freak" are very slim. Ironically, the genesis of the bug is U.S. government policy that prevents higher-grade encryption software from being exported. Instead, weaker software was sent to other countries, recycled, and placed inside technology that ended up back in the U.S. It is the weaker encryption standard on some browsers that allows these hackers to get their "Freak" on.
The exploit went undiscovered for years until researchers found a way to force a browser to use the weaker encryption and eventually break the code in hours. The U.S. government is still trying to weaken strong encryption software that makes it hard for law enforcement to get what they claim is necessary information. Besides cracking the weaker encryption on a user's browser, the victim would also have to have his intranet compromised.
The list of impacted BlackBerry products includes BlackBerry 10 OS (all versions); BlackBerry 7.1 OS and earlier (all versions); BES12 (all versions); BES10 (all versions); BES12 Client (iOS) (all versions); Secure Work Space for BES10/BES12 (Android) (all versions); Work Space Manager for BES10/BES12 (Android) (all versions); Work Browser for BES10/BES12 (iOS) (all versions); Work Connect for BES10/BES12 (iOS) (all versions); BlackBerry Blend for BlackBerry 10, Android, iOS, Windows and Mac (all versions); BlackBerry Link for Windows and Mac (all versions); BBM on BlackBerry 10 and Windows Phone (all versions); BBM on Android earlier than version 220.127.116.11; BBM on iOS earlier than version 18.104.22.168; BBM Protected on BlackBerry 10 and BlackBerry OS (all versions); BBM Protected on Android earlier than version 22.214.171.124; BBM Protected on iOS earlier than version 126.96.36.199; and BBM Meetings for BlackBerry 10, Android, iOS, and Windows Phone (all versions).
A test conducted by the University of Michigan found that one-third of all encrypted websites are vulnerable to this bug. This type of hacking is popular in countries like China and Iran that spy on online traffic. It can also be used when a hotel guest logs onto the internet, whether using a mobile or desktop device.
source: BlackBerry via WashingtonPost, FinancialPost