‘FREAK’ Security Flaw – Vulnerable Apple and Android Browsers

Posted by Stefanie Kober Tue, 17 Mar 2015 11:32:00 GMT


We constantly consult the web for both important and frivolous inquiries. Therefore, a web browser search history can tell you a lot about a person. It’s private and sometimes embarrassing, but we trust that it will remain safely unseen on our phones and computers.

However, last week a new security flaw known as ‘FREAK’ plagued Apple and Google web browsers, potentially enabling hackers to break the encryption set to prevent digital eavesdropping, allowing them access to the sensitive information that millions of visitors may have submitted to websites.

Meanwhile, Apple and Google patched their web browsers and fixed the security flaw. Although there is no current evidence of hackers still exploiting this flaw, this occurrence represents the influence of government policies in cybersecurity and demonstrates that no company, large or small, is immune to cybersecurity vulnerabilities.

Researchers pinpoint to an antiquated government policy as the source of this issue. This policy, which was abandoned nearly ten years ago, required US software makers to employ weaker encryption methods in products sold overseas, in an effort to bolster national security. Mandating weaker encryption eventually harmed the US, as nearly one third of all encrypted websites, including big names such as American Express, Groupon, Kohl’s and Marriot, were vulnerable to the ‘FREAK’ flaw.

The arrival of this flaw demonstrates the danger of government policies that require weak encryption code in the interest of national security. As discussed by US President Barack Obama in the 2015 Cyber Security Summit, cross-sector and international collaboration is crucial to the acceleration of cybersecurity worldwide and each business must play its part to contribute to the increased cybersecurity on the international level.

As a private company or government entity, you can only ensure the security of your proprietary data and applications by implementing secure software solutions from independent and trustworthy software vendors. HOB solutions are “Made in Germany” and have been certified by the German Federal Office for Information Security according to Common Criteria EAL4+ standards. HOB promises that HOB solutions don’t have backdoors and only use the strongest encryption methods.

As many IT experts see mobile devices such as smartphones and tablets as a greater risk to information security, HOBLink Mobile is an app installed on a mobile device that requires user authentication before use, improving security. HOBLink Mobile allows your employees to access company emails, calendars, notes and contacts on their mobile devices. For a maximum of security, only data that is immediately required for the display is sent to the mobile device. Also, the data will only be loaded into the main memory for as long as the application is active. Once it is terminated, none of this data will remain on the device. In the event that the device is stolen or lost, there is no risk for a data breach since the data remains hosted on the corporate server, and not the device. With this secure remote access solution, your company will never be concerned with vulnerabilities like the ‘FREAK’ flaw.

More information on Secure Remote Access Solutions “Made in Germany” are available on our website www.hobsoft.com.

no comments |

You must be registered in order to write comments. To register as a new user click here.

If you're already registered, please leave a comment here

Leave a comment