“FREAK” Vulnerability (CVE-2015-0204)

Updated: 1 Apr 2015
Product/Version: Deep Security 9.5
Platform: Amazon AMI 32-bit
Summary

On Tuesday, March 3, 2015, researchers announced a new SSL/TLS vulnerability called the FREAK attack. It allows an attacker who can intercept an HTTPS connection between a vulnerable client and a server that still accepts export-grade RSA to downgrade the connection to 512-bit "export" RSA. A key that short can be factored offline, after which the attacker recovers the session keys and can read or manipulate the sensitive data in the connection.

FREAK was discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team. They found that OpenSSL clients (versions prior to 1.0.1k; the fix shipped in 1.0.1k, 1.0.0p and 0.9.8zd) and Apple's TLS/SSL client are vulnerable to a man-in-the-middle (MITM) attack. The attacker sitting between client and server rewrites the client's cipher-suite list so that the server picks an RSA_EXPORT suite and sends back a 512-bit export RSA key in its ServerKeyExchange message. The bug tracked as CVE-2015-0204 is that the vulnerable client accepts that export key even though it never asked for an export suite, so the connection ends up protected by a 512-bit key without either endpoint noticing.

An attacker who records the connection can then factor the 512-bit key offline, which takes a matter of hours on commodity cloud computing, and decrypt the traffic with relative ease.

Apple's Secure Transport is used by applications running on iOS and OS X, including Safari on iPhones, iPads and Macs. OpenSSL is used by the default Android browser and other application packages. From our understanding, the attack needs two things at once: a client whose OpenSSL is vulnerable to CVE-2015-0204 (or an Apple client with the equivalent flaw), and a server that still offers RSA export cipher suites. A server that has disabled export suites cannot be made to hand out a 512-bit key, whatever the client's patch level.

Details

OpenSSL published a fix for CVE-2015-0204 in January 2015 (OpenSSL 1.0.1k, 1.0.0p and 0.9.8zd). Apple is reportedly deploying a patch for both its mobile devices and computers.

Trend Micro recommends that Android users refrain from using the default Android browser on their devices and use the Google Chrome app instead, as it is not affected by the bug. Connections to the Google search site are likewise not affected.

Trend Micro has solutions that already provide protection against this vulnerability:

  • Trend Micro Deep Security protects users through the Deep Packet Inspection (DPI) rule "OpenSSL RSA Downgrade Vulnerability (CVE-2015-0204)":
      • For servers: DPI rules 1006561 and 1006562
      • For clients: DPI rule 1006485
      • Delivered in Deep Security rule update DSRU15-008
  • Businesses running websites and other server applications that still offer export-grade cipher suites should remove those suites from their TLS configuration (for OpenSSL-based servers, exclude the EXPORT cipher-string group) and upgrade to the latest OpenSSL. Patching the client side alone does not protect users who connect from unpatched devices; only a server that never offers an export key closes the attack for every client.
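The downgrade described above leaves three visible traces in the handshake, and they are the kind of signal a DPI rule has to look for: a ClientHello that lists an RSA_EXPORT suite, a ServerHello that selects one, and, on the client side of a FREAK MITM, a ServerKeyExchange carrying a short RSA key under a static-RSA suite that permits no ServerKeyExchange at all. The following is an added example written for this article (illustrative code, not Trend Micro's DPI rules or the researchers' tooling) that parses TLS 1.0-1.2 handshake records and reports those three conditions. The handshake bytes, cipher-suite choices and the 512-bit modulus it uses are constructed by hand for the demonstration, not captured traffic.

```python
"""Added example (illustrative code, not Trend Micro's DPI rules or the FREAK
researchers' tooling): spot export-RSA negotiation in TLS handshake records.
Assumes TLS 1.0-1.2 record framing (RFC 5246); every handshake below is
constructed by hand, not captured traffic."""
import struct

HANDSHAKE = 0x16
CLIENT_HELLO, SERVER_HELLO, SERVER_KEY_EXCHANGE = 1, 2, 12

# RSA key-exchange export suites (RFC 2246 appendix A.5), IANA code points.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
RSA_STATIC_SUITES = {  # a ServerKeyExchange is never legitimate for these
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}

def parse_handshake_record(record):
    """Return (msg_type, body) for one TLS record holding one handshake message."""
    if len(record) < 9 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    if struct.unpack("!H", record[3:5])[0] != len(record) - 5:
        raise ValueError("record length mismatch")
    msg_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + msg_len]
    if len(body) != msg_len:
        raise ValueError("truncated handshake message")
    return record[5], body

def client_hello_suites(body):
    """Cipher suites offered in a ClientHello body, in the client's order."""
    pos = 2 + 32 + 1 + body[34]                      # version, random, session_id
    n = struct.unpack("!H", body[pos:pos + 2])[0]
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos + 2, pos + 2 + n, 2)]

def server_hello_suite(body):
    """Cipher suite chosen in a ServerHello body."""
    pos = 2 + 32 + 1 + body[34]
    return struct.unpack("!H", body[pos:pos + 2])[0]

def server_key_exchange_rsa_bits(body):
    """Bit length of the RSA modulus that opens an RSA_EXPORT ServerKeyExchange."""
    n = struct.unpack("!H", body[:2])[0]
    return int.from_bytes(body[2:2 + n], "big").bit_length()

def analyze(records):
    """Run the FREAK checks over handshake records; an empty result is clean."""
    findings, selected = [], None
    for rec in records:
        msg_type, body = parse_handshake_record(rec)
        if msg_type == CLIENT_HELLO:
            weak = [s for s in client_hello_suites(body) if s in RSA_EXPORT_SUITES]
            if weak:
                findings.append("client offered export suite(s): "
                                + ", ".join(RSA_EXPORT_SUITES[s] for s in weak))
        elif msg_type == SERVER_HELLO:
            selected = server_hello_suite(body)
            if selected in RSA_EXPORT_SUITES:
                findings.append("server selected " + RSA_EXPORT_SUITES[selected])
        elif msg_type == SERVER_KEY_EXCHANGE and selected in RSA_STATIC_SUITES:
            # CVE-2015-0204 as the client sees it: an RSA key pushed under a
            # static-RSA suite that permits no ServerKeyExchange at all.
            bits = server_key_exchange_rsa_bits(body)
            findings.append(f"ServerKeyExchange with {bits}-bit RSA key under "
                            f"{RSA_STATIC_SUITES[selected]} (CVE-2015-0204 downgrade)")
    return findings

# --- constructed sample handshakes (hypothetical, not captured traffic) ---
def _record(msg_type, body):
    return (bytes([HANDSHAKE, 3, 1]) + struct.pack("!H", 4 + len(body))
            + bytes([msg_type]) + len(body).to_bytes(3, "big") + body)

def _hello_body(suites, server=False):
    head = b"\x03\x01" + b"\x11" * 32 + b"\x00"       # version, random, no session id
    if server:
        return head + struct.pack("!H", suites[0]) + b"\x00"
    return (head + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites) + b"\x01\x00")

def clean_sample():
    """Ordinary static-RSA handshake: nothing to report."""
    return [_record(CLIENT_HELLO, _hello_body([0x002F, 0x0035])),
            _record(SERVER_HELLO, _hello_body([0x002F], server=True))]

def export_sample():
    """Server-side view: the (attacker-rewritten) ClientHello lists an export
    suite and the server picks it."""
    return [_record(CLIENT_HELLO, _hello_body([0x0003, 0x002F])),
            _record(SERVER_HELLO, _hello_body([0x0003], server=True))]

def freak_sample():
    """Client-side view: it asked for AES, the ServerHello (rewritten back by
    the attacker) agrees, yet a 512-bit RSA key arrives."""
    modulus = b"\x80" + b"\x5a" * 63                   # 64 bytes = 512-bit modulus
    ske = struct.pack("!H", len(modulus)) + modulus + b"\x00\x03\x01\x00\x01"
    return clean_sample() + [_record(SERVER_KEY_EXCHANGE, ske)]
```

Running `analyze(export_sample())` reports both the offered and the selected export suite, which is what a sensor in front of the server sees; `analyze(freak_sample())` reports the ServerKeyExchange anomaly, which is the only trace left on the client side once the attacker has rewritten the ServerHello back to the suite the client asked for. A patched OpenSSL client rejects that message outright; the check here mirrors that rejection as a detection.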

Trend Micro is currently investigating all products known to use vulnerable versions of OpenSSL and will update the list of affected products as results become available. Customers and partners who need additional information or have questions are encouraged to contact their authorized Trend Micro representatives.

Products that are not affected:

Deep Discovery Analyzer
Deep Discovery Email Inspector
Deep Security
Interscan Messaging Security Virtual Appliance
Interscan Web Security Suite
Interscan Web Security Virtual Appliance
Trend Micro Mobile Security for Enterprise
Trend Micro Security for Mac
Trend Micro Smart Protection Server
Worry Free Business Security Services

Reference:

Trend Micro Security Intelligence Blog - FREAK Vulnerability Forces Weaker Encryption

Category: SPEC
Solution ID: 1108282