Security experts have discovered a potentially catastrophic flaw that for more than a decade has made it possible for attackers to decrypt HTTPS-protected traffic passing between Android or Apple devices and hundreds of thousands or millions of websites, including AmericanExpress.com, Bloomberg.com, NSA.gov, and FBI.gov.
In recent days, a scan of more than 14 million websites that support the secure sockets layer or transport layer security protocols found that more than 36 percent of them were vulnerable to the decryption attacks. The exploit takes about seven hours to carry out and costs as little as $100 per site. The so-called FREAK attack—short for Factoring attack on RSA-EXPORT Keys—is possible when an end user with a vulnerable device—currently known to include Android smartphones, iPhones, and Macs running Apple's OS X operating system—connects to a vulnerable HTTPS-protected website. Vulnerable sites are those configured to use a weak cipher that many had presumed had been retired long ago. At the time this post was being prepared, most Windows and Linux end-user devices were not believed to be affected.
Attackers who are in a position to monitor traffic passing between vulnerable end users and servers can inject malicious packets into the flow that will cause the two parties to use a weak 512-bit encryption key while negotiating encrypted Web sessions. Attackers can then collect some of the resulting exchange and use cloud-based computing from Amazon or other services to factor the website's underlying private key. From that point on, attackers on a coffee-shop hotspot or other unsecured network can masquerade as the official website, a coup that allows them to read or even modify data as it passes between the site and the end user.
Source and Read more.