US Govt Put Apple Users At Risk Of Hacking

Millions of Apple and Android users have been vulnerable to hackers for years because of a security flaw caused by the US government, researchers say.

The vulnerability - known as 'FREAK attack' - has been blamed on a government policy abandoned more than a decade ago which forced US software makers to use weaker security encryption in software sold overseas.

A group of nine researchers discovered that they can still trick browsers on Mac computers and Android phones and tablets into using the weaker encryption, which can then be cracked within a few hours.

It leaves users vulnerable to digital eavesdropping when they type sensitive information into websites.

Around a third of websites which use encryption currently leave users open to hacking as a result of the flaw - including Whitehouse.gov and FBI.gov.

The weaker encryption used a 512-bit code, which was once seen as advanced but has been crackable since 1999.

Cracking the code would take a skilled code breaker around seven hours, while cracking the more advanced 1024-bit code would take a team of hackers at least a year.

Both Apple and Google say they have developed fixes to deal with the problem.

There is no evidence so far that any hackers have exploited the weakness which is now being repaired.