US Govt Put Apple Users At Risk Of Hacking

Millions of Apple (NasdaqGS: AAPL - news) and Android users have been vulnerable to hackers for years because of a security flaw caused by the US government, researchers say.

The vulnerability - known as 'FREAK attack' - has been blamed on a government policy abandoned more than a decade ago which forced US software makers to use weaker security encryption in software sold overseas.

A group of nine researchers discovered that they can still trick browsers on Mac computers and Android phones and tablets into using the weaker encryption, which can then be cracked within a few hours.

It leaves users vulnerable to digital eavesdropping when they type sensitive information into websites.

Around a third of websites which use encryption currently leave users open to hacking as a result of the flaw - including Whitehouse.gov and FBI.gov.

The weaker encryption used a 512-bit code, which was once seen as advanced but has been crackable since 1999.

Cracking the code would take a skilled code breaker around seven hours, while cracking the more advanced 1024-bit code would take a team of hackers at least a year.

Both Apple and Google (Xetra: A0B7FY - news) say they have developed fixes to deal with the problem.

There is no evidence so far that any hackers have exploited the weakness which is now being repaired.