Millions at risk from 'Freak' encryption bug

Microsoft's warning suggests millions more may be at risk of losing data

Tags: Microsoft Corporation
  • E-Mail
Millions at risk from 'Freak' encryption bug The Freak flaw means that if hackers are successful, they could spy on communications as well as infect PCs with malicious software.
By  Helen Gaskell Published  March 8, 2015

Microsoft has issued a security warning about a bug that could let attackers spy on supposedly secure communications, the BBC reports.

The bug, which is called "Freak", was found in software used to encrypt data passing between web servers and web users and was initially thought to only affect some users of Android and Blackberry phones and Apple's Safari web browser.

In a security advisory note released on Thursday, Microsoft said every current version of Windows that uses Internet Explorer, or any non-Microsoft software that calls on a part of Windows called Secure Channel, was vulnerable to the Freak flaw.

The flaw was discovered by encryption and security expert Karthikeyan Bhargavan and means that if hackers are successful, they could spy on communications as well as infect PCs with malicious software.

The Washington Post reported that whitehouse.gov and fbi.gov were among the sites vulnerable to these attacks, but that the government had secured them.

Apple said it had developed a software update to address the vulnerability, which would be available to customers next week and Microsoft has issued advice about ways to remove the vulnerability from some of its software but said applying these fixes could cause "serious problems" with other programs. It said it was working on a separate security update to remove the vulnerability.

In its advisory, Microsoft said it had not received any information that suggested the attack was being actively exploited by cybercriminals.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code