Millions of people might have been left vulnerable to hackers while surfing the Web on Apple Inc and Google Inc devices, thanks to a newly discovered security flaw known as “FREAK attack.”
The flaw was discovered by a team led by Karthikeyan Bhargavan at INRIA in Paris — the French Institute for Research in Computer Science and Automation — and disclosure coordinated by Matthew Green, a cryptographer at Johns Hopkins University.
There is no evidence so far that any hackers have exploited the weakness, which companies are now moving to repair. Researchers blame the problem on an old government policy, abandoned more than a decade ago, which required US software makers to use weaker security in encryption programs sold overseas due to national security concerns.
Many popular Web sites and some Internet browsers continued to accept the weaker software, or can be tricked into using it, according to experts at several research institutions who reported their findings on Tuesday. They said that could make it easier for hackers to break the encryption that is supposed to prevent digital eavesdropping when a visitor types sensitive information into a Web site.
About one-third of all encrypted Web sites were vulnerable as of Tuesday, including sites operated by American Express Co, Groupon Inc, Kohl’s Corp, Marriott International Inc and some US government agencies, the researchers said.
University of Michigan computer scientist Zakir Durumeric said the vulnerability affects Apple Web browsers and the browser built into Google’s Android software, but not Google’s Chrome browser or current browsers from Microsoft Corp or Firefox-maker Mozilla Corp.
Apple and Google both said on Tuesday that they have created software updates to fix the “FREAK attack” flaw, which derives its name from an acronym of technical terms.
Apple said its fix will be available next week and Google said it has provided an update to device makers and wireless carriers.
A number of commercial Web site operators are also taking corrective action after being notified privately in recent weeks, Green said.
However, some experts said the problem shows the danger of government policies that require any weakening of encryption code, even to help fight crime or threats to national security.
They warned those policies could inadvertently provide access to hackers.
“The flaw is significant in itself, but it is also a good example of what can go wrong when government asks to build weaknesses into security systems,” Edward Felten, a professor of computer science and public affairs at Princeton, said in a blog post.
“This was a policy decision made 20 years ago and it’s now coming back to bite us,” said Felten, referring to the old restrictions on exporting encryption code.
Additional reporting by AFP
Taiwan Transport and Storage Corp (TTS, 台灣通運倉儲) yesterday unveiled its first electric tractor unit — manufactured by Volvo Trucks — in a ceremony in Taipei, and said the unit would soon be used to transport cement produced by Taiwan Cement Corp (TCC, 台灣水泥). Both TTS and TCC belong to TCC International Holdings Ltd (台泥國際集團). With the electric tractor unit, the Taipei-based cement firm would become the first in Taiwan to use electric vehicles to transport construction materials. TTS chairman Koo Kung-yi (辜公怡), Volvo Trucks vice president of sales and marketing Johan Selven, TCC president Roman Cheng (程耀輝) and Taikoo Motors Group
Among the rows of vibrators, rubber torsos and leather harnesses at a Chinese sex toys exhibition in Shanghai this weekend, the beginnings of an artificial intelligence (AI)-driven shift in the industry quietly pulsed. China manufactures about 70 percent of the world’s sex toys, most of it the “hardware” on display at the fair — whether that be technicolor tentacled dildos or hyper-realistic personalized silicone dolls. Yet smart toys have been rising in popularity for some time. Many major European and US brands already offer tech-enhanced products that can enable long-distance love, monitor well-being and even bring people one step closer to
RECORD-BREAKING: TSMC’s net profit last quarter beat market expectations by expanding 8.9% and it was the best first-quarter profit in the chipmaker’s history Taiwan Semiconductor Manufacturing Co (TSMC, 台積電), which counts Nvidia Corp as a key customer, yesterday said that artificial intelligence (AI) server chip revenue is set to more than double this year from last year amid rising demand. The chipmaker expects the growth momentum to continue in the next five years with an annual compound growth rate of 50 percent, TSMC chief executive officer C.C. Wei (魏哲家) told investors yesterday. By 2028, AI chips’ contribution to revenue would climb to about 20 percent from a percentage in the low teens, Wei said. “Almost all the AI innovators are working with TSMC to address the
Malaysia’s leader yesterday announced plans to build a massive semiconductor design park, aiming to boost the Southeast Asian nation’s role in the global chip industry. A prominent player in the semiconductor industry for decades, Malaysia accounts for an estimated 13 percent of global back-end manufacturing, according to German tech giant Bosch. Now it wants to go beyond production and emerge as a chip design powerhouse too, Malaysian Prime Minister Anwar Ibrahim said. “I am pleased to announce the largest IC (integrated circuit) Design Park in Southeast Asia, that will house world-class anchor tenants and collaborate with global companies such as Arm [Holdings PLC],”