Called FREAK (Factoring attack on RSA-EXPORT Keys), the security flaw affects high-profile websites. It is supposed that seven hours is all it takes to crack the encryption in place on some supposedly secure websites. Browsers can be hijacked and tricked into connecting to websites using legacy encryption. There was disbelief that such old protection measures were still in use, but it soon became clear that hackers can exploit the weak security and steal passwords or personal information.
The vulnerability allows hackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be decrypted or altered. The researchers found that “a connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable. Vulnerable clients include many Google and Apple devices (which use unpatched OpenSSL), a large number of embedded systems, and many other software products that use TLS behind the scenes without disabling the vulnerable cryptographic suites,” they said.
The FREAK attack was discovered at INRIA in Paris, and websites that support RSA export cipher suites are assumed to be at risk of having their HTTPS connections intercepted. If you run a website, you should disable support for any export suites.
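As an added example (not code from the original post or from the FREAK researchers), the small Python parser below flags the RSA_EXPORT suites that a client offers in a ClientHello or that a server selects in a ServerHello; a defender can run it over captured handshake records to confirm that export suites really are disabled. The suite codes come from the IANA TLS cipher-suite registry; the sample hello messages are constructed inline for the test.

```python
import struct

# TLS cipher-suite codes for the RSA_EXPORT suites FREAK downgrades to
# (values from the IANA TLS Cipher Suite registry).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}


def handshake_cipher_suites(record: bytes) -> list:
    """Return the cipher-suite codes carried by a TLS handshake record:
    every suite offered in a ClientHello, or the single suite chosen in a
    ServerHello. Minimal parser: one handshake message per record,
    extensions are ignored."""
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    msg_type = body[0]
    msg_len = int.from_bytes(body[1:4], "big")
    msg = body[4:4 + msg_len]
    # version(2) + random(32) + session_id_len(1) + session_id
    sid_len = msg[34]
    pos = 35 + sid_len
    if msg_type == 0x01:  # ClientHello: length-prefixed vector of suites
        cs_len = struct.unpack("!H", msg[pos:pos + 2])[0]
        pos += 2
        return list(struct.unpack("!%dH" % (cs_len // 2), msg[pos:pos + cs_len]))
    if msg_type == 0x02:  # ServerHello: exactly one selected suite
        return [struct.unpack("!H", msg[pos:pos + 2])[0]]
    raise ValueError("unsupported handshake type %d" % msg_type)


def export_suites_in(record: bytes) -> list:
    """Names of RSA_EXPORT suites present in the record (empty list = clean)."""
    return [RSA_EXPORT_SUITES[c] for c in handshake_cipher_suites(record)
            if c in RSA_EXPORT_SUITES]


def build_client_hello(suites: list) -> bytes:
    """Constructed sample ClientHello (TLS 1.0, zero random, no extensions)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    msg = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    hs = b"\x01" + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def build_server_hello(suite: int) -> bytes:
    """Constructed sample ServerHello selecting a single suite."""
    msg = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = b"\x02" + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A ServerHello that selects one of these suites is the clearest sign that a server still accepts export-grade cryptography and needs its cipher configuration fixed.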
You can find more information about the “Freak Attack” here.