Microsoft Corp has recently warned hundreds of millions of Windows PC users they that they are potentially vulnerable to attacks from the recently uncovered “Freak” security bug. Although this problem was initially thought to only threaten Android and iOS devices, Microsoft announced on March 5 that it could pose a hazard on Windows devices as well.
The “Freak” weakness could allow attacks on PCs which “connect with Web servers configured to use encryption technology intentionally weakened to comply with U.S. government regulations banning exports of the strongest encryption,” the Financial Post writes. If successful, hackers could spy on communications as well as infect PCs with malicious software. Before the government secured them, whitehouse.gov and fbi.gov were among the vulnerable sites.
Experts are not overly concerned with the issue, however. The vulnerability is said to be difficult to exploit because hackers would have to spend hours cracking the encryption before launching an attack. This includes finding a vulnerable web server, breaking its key, and then finding a vulnerable PC or mobile device and gaining access to it.
“I don’t think this is a terribly big issue, but only because you have to have many ducks in a row,” said Ivan Ristic, director of engineering for cybersecurity firm Qualys Inc.
Microsoft, Apple, and Google are all working of developing methods to make an attack more difficult. Microsoft is disabling settings on Windows servers which allow the use of weak encryptions, and is investigating the threat to PC users.