Save over 40% when you secure your tickets today to TNW Conference 💥 Prices will increase on November 22 →

This article was published on March 6, 2015

HTTPS security flaw FREAK plagues Windows too


HTTPS security flaw FREAK plagues Windows too

Windows systems are vulnerable to FREAK, a decade-old bug that was discovered only this week affecting Android and Apple devices.

FREAK — short for Factoring attack on RSA-EXPORT Keys — allows hackers to decrypt HTTPS-protected Web traffic between browsers and millions of websites. Microsoft confirmed that Windows could be compromised the same way as Android, BlackBerry, iOS and OS X devices in an advisory published today.

The bug allows attackers to monitor traffic between vulnerable users and servers and inject malicious code which causes them to use a weak encryption key while transmitting data. They can then listen in on the exchange, masquerade as the target website and intercept data to read or modify it.

While Chrome for Mac has got an update that prevents this issue, its Android counterpart is still vulnerable with no sign of a fix in sight. Microsoft is yet to offer a solution either. Meanwhile, Apple has said that it will release patches for OS X and iOS next week.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

To check if your browser is safe from this issue, visit the vulnerability scanning service FREAKAttack.

We’ve contacted Microsoft and will update this post when we hear back.

Stop the presses: HTTPS-crippling “FREAK” bug affects Windows after all [Ars Technica]

Read next: How to protect yourself against hackers (or at least make it difficult for them)

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with