Petronella Blog Archive

Visit our New Blog

Apple and Google Spied on Since the 90's

Blog Post

Chances are you use an Apple or Google phone, computer or other device.  If so, your confidential information could have been compromised when you visited supposedly secure websites, and this has been going on since the 90's.

Your passwords and other sensitive information could have been stolen when visiting secure websites thanks to a flaw stemming from an old government policy that didn't allow companies to export products with what researchers call "export grade" encryption.  This rule was lifted in the late 1990's, but countless computers had been built this way, allowing hackers to access the computers.

More than 30% of websites using encryption were vulnerable to an attack that allowed hackers to unencrypt and crack communications between compromised computers and "secure" websites.  Though most websites have already fixed the problem, not all have, including the National Security Agency's website.

The flaw, called FREAK (Factoring Attack on RSA-Export Keys, I know, it doesn't totally match up as an acronym), was thought to have fallen out of use due to the age of the technology behind it, but that has found to not be the case.  This should stand as a lesson to governments calling on manufacturers to leave backdoors open for them to access users' computers and devices.

Apple has a patch that will be coming soon for their Safari browser.  Google Chrome is not vulnerable to it, but the browser that comes on Androids is, though that patch should be pushed out to users soon as well.