A newly discovered Internet security flaw could leave many websites vulnerable to hackers because of weak US encryption standards in the 1990s, researchers said Tuesday.
The flaw dubbed "FREAK" could leave thousands of websites open to attacks if the problem is not patched, according to papers released by French and US researchers.
The flaw was discovered by a team led by Karthikeyan Bhargavan at INRIA in Paris -- the French Institute for Research in Computer Science and Automation -- and disclosure coordinated by Matthew Green, a cryptographer at Johns Hopkins University.
A research paper said the flaw comes from "a class of deliberately weak export cipher suites... introduced under the pressure of US government agencies to ensure that the NSA would be able to decrypt all foreign encrypted communication."
Green said in a blog post that even some sites maintained by the National Security Agency and FBI appeared to be vulnerable.
"Since the NSA was the organization that demanded export-grade crypto, it's only fitting that they should be the first site affected by this vulnerability," Green said.
Green and other researchers said the flaw stems from US government-imposed standards for encryption in software that was exported -- a short-lived effort to allow the United States to be able to access software exported to unfriendly regimes.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.