It feels like only yesterday that we were vulnerable to attacks exploiting recently uncovered security vulnerabilities on our PCs. Now, Microsoft is warning us again that hundreds of millions of Windows PC users are vulnerable to attacks exploiting a recently uncovered “Freak” (Factoring RSA-EXPORT Keys) security vulnerability, which was first believed to only threaten mobile devices and Mac computers.
Watch this video about what the “Freak” attack means:
News of the vulnerability surfaced when a group of nine security experts disclosed that ubiquitous Internet encryption technology could make devices running Apple’s iOS and Mac operating systems, along with Android browsers, vulnerable to cyber-attacks, reported The Sydney Morning Herald.
On Thursday March 5 (US time), Microsoft released a security advisory warning customers “their PCs were also vulnerable to the ‘Freak’ vulnerability.”
U.S. government regulations banning the export of the strongest encryption has led to the intentional weakening of encryption technology.
This weakness can allow attacks on PCs that connect with web servers configured to use this encryption technology.
If hackers were to be successful, they could infect PCs with malicious software, as well as spy on communications, the researchers who uncovered the threat said on Tuesday. The Washington Post reported that whitehouse.gov and fbi.gov were among the sites that were vulnerable to these attacks, but that the government had now secured them.
Security experts said hackers would need to use hours of computer time to crack the encryption before launching an attack and this makes it relatively difficult to exploit.
Microsoft has advised system administrators to “disable settings on Windows servers that allow the use of the weaker encryption.” They also said it was “investigating the threat and has not yet developed a security update that will automatically protect Windows PC users from the threat.”
Google said it has developed a patch, which it has provided to partners that make and distribute Android devices. Apple has developed a software update, which will be pushed out to customers next week.
I can’t help but wonder if it’s ever going to be completely safe to use technology. It seems like there is always someone wanting our information. But this is the day and age we live in.