Millions Of Online Shoppers’ Confidential Information Is Visible To Hackers Due To Weak Security

Posted: Mar 4 2015, 12:41pm CST | by , Updated: Mar 4 2015, 10:46pm CST, in News | Technology News


Millions of Online Shoppers’ Confidential Information Is Visible to Hackers Due

Millions of Google and Apple subscribers’ confidential details are highly vulnerable to a hack.

According to the latest reports, millions of Google and Apple subscribers’ confidential details are highly vulnerable to a cyber attack, which has resulted from flawed US encryption standards from 1990s. Analysts are calling it “FREAK” vulnerability. iOS and Android users are at risk are those who utilize default browsers, Safari and Chrome, respectively. In order to understand the basics of the whole situation, you need take a look at the history of cryptography.

FREAK stands for Factoring attacks on RSA Export Keys. In order to secure websites, a debate was held back in 1990s, in which researchers and developers participated to provide their feedback. R&D highly recommended that it was critically important to protect subscriber’s confidential information; however, authorities strongly believed that that law enforcement will be in trouble.

According to researchers, the vulnerability in the security has been a result of setting up weak export cipher suites, introduced under the pressure of US government agencies to ensure that the NSA would be able to decrypt all foreign encrypted communication.

FREAK has been discovered by a team of developers under supervision of Karthikeyan Bhargavan in Paris, in coordination with Matthew Green who is a cryptographer at John Hopkins University. Green has also mentioned that even the government agency websites are highly vulnerable to cyber-attacks. According to The Washington Post, “The weaker encryption got baked into widely used software that proliferated around the world and back into the United States, apparently unnoticed until this year”.

In addition, this also means that a number of websites which are developed to provide 512 bit keys for security upon request, regardless they can be hacked in a matter of hours. As a conclusion, a hacker can simply visit a website, and after acquiring its weak key ID, can easily crack it and make all kinds of changes on to the website.

A number of incidents have been reported in the past where hackers have hacked a website and posted undesirable content. A similar example can be that you can be safe using a home WiFi network however, you can be at high risk if you access a public network in a coffee shop or mall. According to analysts, this also means that your confidential financial information will be widely visible to hackers incase when you shop online or simply check your back details using an internet browser.

Hackers can acquire all sort of information that you have entered on a vulnerable website. There is a long list of websites which are currently at high risk of being hacked. Banks including American Express and various other websites including Groupon and Marriott are comparatively at higher risk. One site reports that according to figures, around 10% of top 1 million websites at Alexa are affected at the moment.

Analysts also strongly believe that this vulnerability is caused due to government agencies interested in keeping a “backdoor” into encryption products when required. Researchers have strongly condemned the use of weak encryption due to the pressure from law enforcement agencies. According to Mr. Green from John Hopkins University, backdoors are never worth it since they always come back and put you in trouble.

You May Like


The Author

<a href="/latest_stories/all/all/32" rel="author">Ahmed Humayun</a>
Ahmed Humayun is a technology journalist bringing you the hottest tech stories of the day.




Leave a Comment

Share this Story

Follow Us
Follow I4U News on Twitter
Follow I4U News on Facebook

You Also Like


Read the Latest from I4U News