In case our online lives weren't already overrun by hackers and other Internet con-men, here's a newly disclosed security flaw that will make you wonder yet again whether there is any such thing as online security.
According to reports, millions of people could have already been left susceptible to hackers while surfing the web via Apple and Google devices, thanks to a newly discovered security flaw called the "FREAK attack."
As of now, there's no evidence that hackers have actually exploited the weakness, and the companies are now moving in to repair it. Researchers, however, have blamed the problem on an old government policy, abandoned over a decade ago.
Apparently, the policy required US software makers to use a weak security protocol in encryption programs sold overseas, on national security grounds. Building on that weakness, however, hackers found it quite easy to break into a number of popular websites.
This is because a host of popular websites and some Internet browsers were compelled to accept the weaker software, while others are still being tricked into using it, according to experts at several research institutions who reported their findings on 3 March.
The researchers further explained that this security flaw could make it easier for hackers to break the encryption that is meant to keep out digital eavesdroppers when a visitor types sensitive information into a website.
As revealed on Tuesday, about a third of all encrypted websites remained vulnerable to the flaw, including the ones operated by American Express, Groupon, Kohl's and Marriott, as well as some government agencies, the researchers confirmed.
Also, University of Michigan computer scientist Zakir Durumeric explained that the vulnerability affects Apple web browsers and the browser built into Google's Android software. It does not, however, affect Google's Chrome browser, current browsers from Microsoft, or Mozilla's Firefox.
A number of commercial website operators are currently taking remedial action after being notified about the flaw privately in recent weeks, said Matthew Green, a computer security researcher at Johns Hopkins University.
Nonetheless, a few experts agree that the problem highlights the danger of government policies requiring any kind of weakening of encryption code, even if that's to help fight crime or counter threats to national security. The experts have warned that those policies may have unintentionally provided access to hackers.
"This was a policy decision made 20 years ago and it's now coming back to bite us," said Edward Felten, a professor of computer science and public affairs at Princeton, while referring to the old restrictions on exporting encryption code.
However, smartphone users will be somewhat relieved to know that both Apple and Google confirmed on Tuesday they have devised software updates to fix the "FREAK attack" flaw.
The threat derives its name from an acronym of technical terms. And while Apple says its fix will be available next week, Google says it has already provided an update to device makers and wireless carriers.