As it turns out, FREAK attacks are here to stay and they have now been targeting mobile OS. Credit unions will be probably facing troubles with the encryption, especially those that have been structuring their banking system for more than five years. New patches are on the way to confront with the urgent matter.
FREAK attack was announced back on 3, March and alerted everyone on this new SSL / TLS vulnerability. The fact that even HTTPS were not safe against this flaw has made the concern even bigger, as there is no guarantee that with the proper precautions you will avoid being exposed to its consequences. What FREAK does is to enable the attacker to intercept otherwise protected connections (using HTTPS, that is) and to make their encryption less powerful and solid. As you can imagine, deteriorating the protective wall of encryption can be truly devastating for visitors and websites alike.
Now the vulnerability has targeted mobile devices and OS, including Apple Safari and Android, as well as Microsoft Windows. The acknowledgement that OpenSSL protocol is not enough to provide thorough protection is rather shocking. All the companies that have been injured by the latest vulnerability are in the process of releasing fixes, in order to deal with the urgent matter in an efficient manner and safeguard the privacy of their users.
When it comes to credit unions, there are several details that ought to be highlighted towards addressing the problem to its real extent. First of all, there are unions that do not have the financial background for supporting mobile banking. Although this might seem disappointing at first sight, in reality this is what has protected these credit unions against the exposure of the recent FREAK attack.
What is more, the credit unions that have managed to develop all of their system recently (which typically means within the past five years or less) do not have a lot to support and thus they do not risk a lot in terms of data exposure. If on the other hand the system of a credit union stretches back to the 90s, then there is a large volume of data that can be exposed.
Texas Dow Employees Credit Union (TDECU) decided to alert their customers through the proper information on this important matter. According to Paul O’Malley, who is the vice-president of e-commerce at TDECU, it is critical for the people to know what they are dealing with: “Our goal here is to alert our members so they can be educated, and know that they need to pay attention to Internet security.
We understand our members are not expected to be experts on these types of things.” All at once, O’Malley outlined the vital part of a close relationship between the credit union and the IT department in avoidance of trouble: “Typically what will happen is, they will see something out in the blogosphere or we’ll see something, and we’ll immediately call each other and ask if we’ve heard about it and what we’re doing about it”.
Now that new vulnerabilities hit the wall on an everyday basis, it makes total sense why credit unions and banking institutions (along with everyone else, of course) need to be up-to-date with the latest patches and fixes against them. FREAK attacks have not been counted yet, but the percentage of sites that have been compromised is increasingly high. You can check out more as to whether or not you are protected against FREAK and monitor the patches available here.