FREAK ("Factoring RSA Export Keys") is asecurity exploit of a cryptographic weakness in theSSL/TLS protocols introduced decades earlier for compliance withU.S. cryptography export regulations. These involved limiting exportable software to use onlypublic key pairs withRSA moduli of 512 bits or fewer (so-calledRSA EXPORT keys), with the intention of allowing them to be broken easily by theNational Security Agency (NSA), but not by other organizations with lesser computing resources. However, by the early 2010s, increases in computing power meant that they could be broken by anyone with access to relatively modest computing resources using the well-knownNumber Field Sieve algorithm, using as little as $100 ofcloud computing services. Combined with the ability of aman-in-the-middle attack to manipulate the initialcipher suite negotiation between the endpoints in the connection and the fact that the finished hash only depended on the master secret, this meant that a man-in-the-middle attack with only a modest amount of computation could break the security of any website that allowed the use of 512-bit export-grade keys. While the exploit was only discovered in 2015, its underlying vulnerabilities had been present for many years, dating back to the 1990s.^[1]

The flaw was found by researchers fromIMDEA Software Institute,INRIA andMicrosoft Research.^[2][3] The FREAK attack in OpenSSL has the identifierCVE-2015-0204.^[4]

Vulnerable software and devices includedApple'sSafari web browser, the default browser inGoogle'sAndroid operating system,Microsoft'sInternet Explorer, andOpenSSL.^[5][6]Microsoft has also stated that itsSchannel implementation of transport-layer encryption is vulnerable to a version of the FREAK attack in all versions ofMicrosoft Windows.^[7] The CVE ID for Microsoft's vulnerability inSchannel isCVE-2015-1637.^[8] The CVE ID for Apple's vulnerability in Secure Transport isCVE-2015-1067.^[9]

Sites affected by the vulnerability included the US federal government websites fbi.gov, whitehouse.gov and nsa.gov,^[10] with around 36% of HTTPS-using websites tested by one security group shown as being vulnerable to the exploit.^[11] Based on geolocation analysis using IP2Location LITE, 35% of vulnerable servers are located in the US.^[12]

Press reports of the exploit have described its effects as "potentially catastrophic"^[13] and an "unintended consequence" of US government efforts to control the spread of cryptographic technology.^[10]

As of March 2015^[update], vendors were in the process of releasing new software that would fix the flaw.^[10][11] On March 9, 2015, Apple released security updates for bothiOS 8 andOS X operating systems which fixed this flaw.^[14][15] On March 10, 2015, Microsoft released a patch which fixed this vulnerability for all supported versions of Windows (Server 2003, Vista and later).^[16]Google Chrome 41 andOpera 28 has also mitigated against this flaw.^[3]Mozilla Firefox is not vulnerable against this flaw.^[17]

The research paper explaining this flaw has been published at the 36th IEEE Symposium on Security and Privacy and has been awarded the Distinguished Paper award.^[18]

• BEAST (computer security)
• BREACH (security exploit)
• CRIME (security exploit)
• Logjam (computer security)
• POODLE
• Server-Gated Cryptography

• https://www.smacktls.com/
• https://web.archive.org/web/20150304002021/https://freakattack.com/
• https://tools.keycdn.com/freak/
• https://infogr.am/https_sites_that_support_rsa_export_suites
• http://www.sitemeer.com/Archived 2015-03-15 atarchive.today

• Web security exploits
• Cryptographic attacks
• 2015 in computing
• Transport Layer Security

• Articles with short description
• Short description matches Wikidata
• Articles containing potentially dated statements from March 2015
• All articles containing potentially dated statements
• Webarchive template archiveis links