
Leverage Mi3 Security AppInterrogator™ for Mobile Apps to Stop the FREAK Vulnerability Dead in its Tracks!

On March 3, 2015, security researchers announced the discovery of a significant vulnerability in the SSL/TLS client/server protocols that results in weaker encryption that can be broken in hours. Some FREAK vulnerability patches are available now, and some are expected to be available next week.[1] Others may take a while, or never even appear.[2]

Now that hackers who were previously unaware of this exploit are well aware of it and have added it to their tool belt, your CISO is going to ask what you have done to mitigate the FREAK vulnerability. Most likely, you have not done enough, because it costs too much in time and resources to map and test your organization’s network topology at the desktop and server level alone. What have you done to mitigate the FREAK vulnerability in your BYOD and Enterprise Mobility Management (EMM) environment? You are probably hoping that this will be self-patched or self-handled by the mobile app vendors, because you have no insight into what servers the mobile apps connect to outside of your organization.

Your entire corporation is exposed to eavesdropping on your most sensitive internal secrets from external servers you have no control over. How do you handle this threat? How do you mitigate it without spending time, energy, and resources? How do you estimate this threat from your exposure to your corporate Android and iOS deployments? How do you translate this vulnerability into a language that IT can understand: black list, white list, and EMM policy updates?

How do you do all of this without overextending your IT budget, without conducting a rabbit hunt, and without tasking your top-notch security and cyber resources to first identify thousands of mobile app server connections that could be vulnerable, and then perform the mundane task of testing each one?

Over the past 24 hours, Mi3 Security has traversed the entire mobile apps database it maintains, cross-correlating it against the FREAK-vulnerable servers that the mobile apps connect to, and the results are astonishing. In just a matter of a few hours, Mi3 Security identified apps with connections to servers vulnerable to the FREAK attack, including Fortune 500 companies (Symantec, AVG, Cisco, Via Forensics, Chrysler, Hertz, Hyatt). This research and the additional testing methodology are now included in Mi3 Security’s AppInterrogator, which automatically tests mobile-app-connected servers and creates a blocking policy. This has been done without changing anything on the customer premises.

“Heartbleed vulnerability, POODLE vulnerability, and FREAK vulnerability are all glaring examples of how the connected servers are the mobile app’s weakest link. While a developer can do everything possible to secure the mobile application, the risks that surround the mobile app are constantly changing and require just as much scrutiny as the app itself,” states Ken Lloyd, Mi3 Security CTO.

As displayed in figure 1 below, of the mobile apps Mi3 Security identified as vulnerable to the FREAK vulnerability, the top three categories are personalization (9%), education (7%), and lifestyle (7%). The figure also indicates that the distribution is fairly even and widespread across most popular mobile app categories.

References

Researchers who discovered FREAK

TrendMicro FREAK blog

FREAK website, helps track available patches

Cryptographer Matthew Green’s blog on FREAK

[1] Source: https://freakattack.com?utm_source=rss&utm_medium=rss

[2] Source: http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/03/freak-flaw-undermines-security-for-apple-and-google-users-researchers-discover/?utm_source=rss&utm_medium=rss

The post Leverage Mi3 Security AppInterrogator™ for Mobile Apps to Stop the Freak Vulnerability Dead in its Tracks! appeared first on Mi3 Security.


