The Freak Bug made international news today. Before getting into specifics, we want to announce something important to our loyal customers:
CIMPL HAS NEVER BEEN VULNERABLE TO THE FREAK BUG: OUR APPLICATION, SERVERS, AND WEBSITE REMAIN SAFE FROM THE BUG.
Vincent Parisien, Cimpl’s Vice-President of Technology, was very clear about Etelesolv’s security-readiness in the face of the Freak Bug: “I would like to reassure our customers that Cimpl’s systems and platforms have never been at risk from the Freak Bug vulnerability. We’d already disabled the protocol SSL 3.0 as recommended by industry experts, thereby ensuring our complete security from such risk. We know that it’s a privilege to have our customers entrust their data to us. That’s why security is a primary concern at Cimpl. Thanks to our precautions, our customers' data remain safe in our systems.”
Now that we’re clear, let’s get into details!
1) What is the Freak Bug exactly?
Freak is a problem that has been around since the 1990s but that was only really discovered Tuesday (March 3, 2015). As with last year’s Heartbleed concerns, the vulnerability of the bug resides in the protocol OpenSSL (that’s used to encrypt online communications). The security concern comes from the fact that hackers could use this weakness to access your personal information if they are on the same network as you; they only have to intercept the communication between a vulnerable device and a vulnerable website.
This problem is happening today because at the beginning of the 1990s, the US government decided that the encryption standards of devices shipped overseas by US companies should be downgraded (to an “export” grade). At the time, only supercomputers could exploit this vulnerability, but with today’s technological advancements, just about anyone could hack devices and websites that are not secure through this exploit.
2) What is the scope of the problem?
Unfortunately, hundreds of millions of smartphone and tablet users are at risk because of the Freak bug. The security flaw makes Apple’s Safari web browser vulnerable on iPhones, iPads, and Macs, as well as Google’s browser on all Android devices. The good news is that browsers such as Mozilla's Firefox, Microsoft's Internet Explorer, and the Chrome desktop browser are not vulnerable to this security breach.
3) How can I protect my devices?
Now that you are aware of the risks your mobile devices are exposed to, let’s look at what you can do to avoid being hacked.
First, if you are an Apple user, make sure to download the company’s iOS and OS X updates that will be available next week and that contain a fix for the security issue. Due to fragmentation of the Android platform, Android users may have to wait longer before Google releases a software update (although Google does say that the patch will be available next week as well).
In the meantime, if you want to check if the website you want to visit is vulnerable to the Freak bug, you can simply go to the SSL Labs' SSL Server Test site and type the domain name of your site. The test site will run a test immediately for you.
Last piece of advice: avoid using public Wi-Fi networks for now; this will limit the risk of being hacked before you update your software.
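For administrators who want to run the server-side check mentioned above against their own hosts, here is an added example (not part of the original post, and not Cimpl's or SSL Labs' code) that offers a server only RSA "export" cipher suites and reports whether it accepts one. The function names are illustrative; it assumes the server answers a TLS 1.0 hello sent without SNI, so a name-based virtual host may need a fuller client.

```python
import os
import socket
import struct

# RSA export-grade suites (IANA ids). FREAK needs a server that accepts one.
EXPORT_RSA_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def build_client_hello(version=(3, 1)):
    """TLS 1.0 ClientHello (no extensions, so no SNI) offering only export suites."""
    suites = b"".join(struct.pack("!H", s) for s in EXPORT_RSA_SUITES)
    body = (bytes(version) + os.urandom(32)          # client_version, random
            + b"\x00"                                # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                           # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Name of the export suite the server selected, or None if it refused."""
    if len(data) < 9 or data[0] != 0x16 or data[5] != 0x02:
        return None                                  # alert, or not a ServerHello
    body = data[9:]                                  # skip record + handshake headers
    if len(body) < 35:
        return None
    offset = 35 + body[34]                           # version(2) random(32) sid_len(1) sid
    if len(body) < offset + 2:
        return None
    (suite,) = struct.unpack("!H", body[offset:offset + 2])
    return EXPORT_RSA_SUITES.get(suite)

def probe(host, port=443, timeout=5.0):
    """Send the export-only hello to a server you operate and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        return classify_response(sock.recv(4096))    # ServerHello leads the first flight

if __name__ == "__main__":
    # Constructed replies: a ServerHello picking 0x0003 and a fatal handshake_failure alert.
    hello_body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x03" + b"\x00"
    accepted = b"\x16\x03\x01\x00\x2a\x02" + len(hello_body).to_bytes(3, "big") + hello_body
    refused = b"\x15\x03\x01\x00\x02\x02\x28"
    print(classify_response(accepted))
    print(classify_response(refused))
```

A non-`None` result from `probe` means the server still negotiates an export suite and its cipher configuration should be tightened; `None` means it refused the export-only offer.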
As Canada’s leader in IT and telecom expense management, Etelesolv tries to keep you informed of the different security trends or issues happening in the industry. We would like to remind you that our team of experts is always there to answer any questions you may have regarding the Freak bug, mobile security or about our signature product Cimpl. Make sure to follow us on Twitter to stay informed daily on what’s happening in the technology field! Have you experienced any hacking attempts via the Freak Bug? If yes, please share your story below! It helps everyone!