BlackBerry last to close "Freak" vulnerability - PhoneArena
Save on Samsung Galaxy S22 Ultra

BlackBerry last to close "Freak" vulnerability

Windows iOS BlackBerry Apple Android Microsoft Google
Alan F.
14
BlackBerry last to close "Freak" vulnerability
Last week, BlackBerry said that it was feverishly working on a patch that would prevent its users from being hacked by a bug called "Freak." This software issue could allow hackers to spy on private communications and could also lead to attacks on web sites. Apple and Microsoft have already sent out software updates to deal with "Freak," while Google said last week that it already has a patch ready to protect manufacturers and carriers who sell Android devices.

BlackBerry spokeswoman Kim Geiger said last week that the company is working on a software update to protect devices that could be affected by this Open SSL exploit which attacks both mobile and desktop browsers. So far, the company says it has not had one customer complain about being affected by "Freak."

Besides attacking elements on a website, the bug can allow hackers to steal your passwords and other personal information. Still, those in the security business say that the odds of users facing an attack from "Freak" is very slim. Ironically, the genesis of the bug is U.S. government policy that prevents higher-grade encryption software from being exported. Instead, weaker software was sent to other countries, recycled, and was placed inside technology that ended up back in the U.S. It is the weaker encryption standard on some browsers that allows these hackers to get their "Freak" on.

The exploit was undiscovered for years until researchers discovered a way to force a browser to use the weaker encryption and eventually break the code in hours. The U.S. government is still trying to weaken strong encryption software that makes it hard for law-enforcement to get what they claim is necessary information. Besides cracking the weaker encryption on a user's browser, the victim would also have to have his intranet compromised.

The list of impacted BlackBerry products includes BlackBerry 10 OS (all versions); BlackBerry 7.1 OS and earlier (all versions); BES12 (all versions); BES10 (all versions); BES12 Client (iOS) (all versions); Secure Work Space for BES10/BES12 (Android) (all versions); Work Space Manager for BES10/BES12 (Android) (all versions); Work Browser for BES10/BES12 (iOS) (all versions); Work Connect for BES10/BES12 (iOS) (all versions); BlackBerry Blend for BlackBerry 10, Android, iOS, Windows and Mac (all versions); BlackBerry Link for Windows and Mac (all versions); BBM on BlackBerry 10 and Windows Phone (all versions); BBM on Android earlier than version 2.7.0.6; BBM on iOS earlier than version 2.7.0.32; BBM Protected on BlackBerry 10 and BlackBerry OS (all versions); BBM Protected on Android earlier than version 2.7.0.6; BBM Protected on iOS earlier than version 2.7.0.32; and BBM Meetings for BlackBerry 10, Android, iOS, and Windows Phone (all versions).

A test conducted by the University of Michigan found that one-third of all encrypted websites are vulnerable to this bug. This type of hacking is popular in countries like China and Iran that spy on online traffic. It also can be used when a hotel guest logs onto the internet whether using a mobile or desktop device.

Thanks for the tip!

source: BlackBerry via WashingtonPost, FinancialPost
Loading Comments...

Latest News

Google will most likely not release a successor to Android 12L
Google will most likely not release a successor to Android 12L
Americans are deleting period-tracking apps in droves because of the Roe v Wade ruling
Americans are deleting period-tracking apps in droves because of the Roe v Wade ruling
Amazon once again comes out with an awesome sale on Anker chargers
Amazon once again comes out with an awesome sale on Anker chargers
Yet another UK operator introduces roaming charges for EU travel
Yet another UK operator introduces roaming charges for EU travel
Xiaomi finally reveals the date and time of its new 12S series announcement
Xiaomi finally reveals the date and time of its new 12S series announcement
This $40 device effortlessly replaced my $350 Apple Watch Series 7
This $40 device effortlessly replaced my $350 Apple Watch Series 7

Popular stories

Verizon and AT&T customers are suing T-Mobile for raising their prices (yes, really)
Verizon and AT&T customers are suing T-Mobile for raising their prices (yes, really)
T-Mobile is keeping a popular old feature unchanged following customer outcry
T-Mobile is keeping a popular old feature unchanged following customer outcry
No 120Hz display for iPhone 14: But Apple has a secret for smooth performance (that Android doesn’t)
No 120Hz display for iPhone 14: But Apple has a secret for smooth performance (that Android doesn’t)
This $40 device effortlessly replaced my $350 Apple Watch Series 7
This $40 device effortlessly replaced my $350 Apple Watch Series 7
Pixel 7 and Pixel Watch: Samsung-Google alliance gets stronger - could be a threat for Android
Pixel 7 and Pixel Watch: Samsung-Google alliance gets stronger - could be a threat for Android
New report brings unexciting Samsung Galaxy S23 camera news
New report brings unexciting Samsung Galaxy S23 camera news
FCC OKs Cingular\'s purchase of AT&T Wireless