Notice
This website or its third party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the cookie policy. If you want to know more please refer to the cookie policy.
By closing this banner, scrolling this page, clicking a link or continuing to browse otherwise, you agree to the use of cookies.

Firefox and Opera are the first Android web-browsers to fix the FREAK vulnerability

Posted on 2015-03-18 12:11:22 by Giuseppe Anzalone - 0 Comments

About two weeks later the announcement of FREAK, the latest SSL/TSL vulnerability that allows an active Man In The Middle attacker to break an HTTPS connections to steal sensitive data, it looks like almost nobody, among the web-browser developers for Android, is taking care about the problem.

Image 1
Nobody except Mozilla and Opera that seem currently the only ones to have promptly released a patch to fix FREAK vulnerability on client side.

What is the FREAK attack?

It's an attack to HTTPS connections, based on a bug on OpenSSL and other TLS libraries, that allow an attacker to force browser to use an old and weak encryption (also known as the export-grade key).
It was discovered by Karthikeyan Bhargavanat at INRIA  and the miTLS team.
In order to successfully conduct a FREAK attack, the attacker must be in the middle between a client and a server and both of them must be vulnerable. This mitigates a little bit the risk, anyway millions of Android devices are vulnerable and a relevant percentage of web-servers too.  It would have therefore been good if all web-browser developers and all web-masters had done all in their power to fix this issue.

Some similarity with POODLE attack?

Yes, of course! The Man In The Middle and the forced use of a weaker protocol to communicate are details that bring our thought to the POODLE. The older vulnerability due to the SSLv3 protocol that concerned an huge amount of Android devices too.

What is the solution?

The only think you can do to protect your Android device during encrypted web navigation, is to use a web-browser that released a patch for FREAK vulnerability.

How can I check if my web-browser or my web-server are safe?

You can check your web-browser for FREAK vulnerability by visiting the following link and for POODLE vulnerability by this one.
If you are a web-master you can use this  online tool  by Symantec to check your web-server for FREAK attack, POODLE attack and more.

So, which Android web-browsers are safe against the FREAK attack?

Today we tested the latest available version of some of the most commonly used Android web-browsers to evaluate their vulnerability to FREAK attack and, while we were about it, we also checked if they disabled the use of the old SSLv3 protocol and are then safe against a POODLE attack.

We did the tests on a Galaxy Nexus with Android 4.3.0 and here following there is the result.

Web Browser
Version
FREAK attack
POODLE attack
Firefox
36.0.2
Safe
Safe
Dolphin Browser
11.4.3
Vulnerable
Vulnerable
UC Browser
10.3.0.552
Vulnerable
Vulnerable
Chrome
40.0.2214.109
Vulnerable
Safe
CM Browser
5.1.174
Vulnerable
Vulnerable
Opera
28.0.1764.89981
Safe
Safe
Opera Mini
7.6.40234
Vulnerable
Safe

In conclusion

All our appreciation goes to Mozilla's Team for their good job. They diligently work to one of the best available Android web-browser, never forgetting to take care about security matters. The same appreciation goes to Opera's Team even if we would like to see as soon as possible also the opera mini version fixed.
We strongly suggest to all user to use Firefox or Opera hoping that the other web-browser brands will follow as soon as possible the good example of Firefox.

Security
Giuseppe Anzalone
Hello, I am Giuseppe, electrical engineer and programmer. I've been working in the industrial automation field since 2004, designing electronic boards and developing software for real-time control. For some years now, I'm also strongly involved in web-developing and in IT security. What else... oh yeah, I'm addicted to free climbing!
Featured Articles
2019-11-29
These days, mobile games are dime a dozen. As a result, developers don’t have as much leeway as they once did. If your game isn’t as close to perfect as possible straight out of the gate, it is unlikely to make a mark.
2016-03-19
As our reliance on smartphone increases, the disaster it would cause if they suffered a cyber-attack also goes up. Fortunately, there are a few simple steps you can take that will help to ensure the safety of your device and protect you and your data.
2016-01-11
Tor is one of the open source project I’m most fond of, because of the quality of the service and the admirable mission behind it: improving privacy and ensuring concealed identities to the users during the access to the web resources.
2015-11-05
Don't you know that you can launch and use TorrApk like an app on your Android Device? Thanks to Google Chrome’s web app support functionalities, you can access TorrApk with just a touch on your smartphone.
Latest articles
2018-07-28
There are some great apps out there, that every woman should have on her phone, and knowing which ones you should download, to suit your individual needs is important, and can make your daily life, just a little bit easier.
2017-06-15
Mobile security apps are useful tools to keep your device performance intact. Let’s discuss top 5 security apps for Android in this article.
2016-12-10
Today, android mobile phone users will be able to find a number of android antivirus apps but they need to choose the best one to use. When downloading apps it's crucial that you use a genuine app store and effective apps like...
2016-11-04
If you are looking for a fun way to connect with people online and a 3d sex game that you can play on your tablet/smartphone you should strongly consider giving Yareel sex game for android a download.
2016-07-06
There have been many rumors flying about the Xiaomi Mi note 2 and now there is an even more exciting aspect of this tech. Xiaomi and its flagship devices have been overtaken by some of the other popular competitors in the market such as the....
Follow us on social networks
Latest updated apps