Wednesday, March 3, 2021
CybersecFill
Advertisement
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
CybersecFill
No Result
View All Result
Home News

Dozens of Email Clients Found Vulnerable to Signature Spoofing Attack.

Cybersecfill by Cybersecfill
May 1, 2019
in News
0
Email Signature spoofing
Share on FacebookShare on Twitter

A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over  dozen of popular email clients.

The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail, Roundcube and Mailpile.

However, researchers tested 25 widely-used email clients for Windows, Linux, macOS, iOS, Android and Web and found that at least 14 of them were vulnerable to multiple types of practical attacks under five below-mentioned categories, making spoofed signatures indistinguishable from a valid one even by an attentive user.

The research was conducted by a team of researchers from Ruhr University Bochum and Münster University of Applied Sciences, which includes Jens Müller , Marcus Brinkmann , Damian Poddebniak , Hanno Böck, Sebastian Schinzel , Juraj Somorovsky, and Jörg Schwenk.

“In our scenario, we assume two trustworthy communication partners, Alice and Bob, who have securely exchanged their public PGP keys or S/MIME certificates,” the team explains in a research paper [PDF] published today.

“The goal of our attacker Eve is to create and send an email with arbitrary content to Bob whose email client falsely indicates that the email has been digitally signed by Alice.”

1) CMS Attacks (C1, C2, C3, C4) — Flaws due to mishandling of Cryptographic Message Syntax (CMS), the container format of S/MIME, lead to contradicting or unusual data structures, such as multiple signers or no signers.

2) GPG API Attacks (G1, G2) — Implementation flaws in many email clients fail to properly parse a wide range of different inputs that could allow attackers to inject arbitrary strings into GnuPG status line API and logging messages, tricking clients into displaying successful signature validation for arbitrary public keys.

3) MIME Attacks (M1, M2, M3, M4) — MIME wrapping attacks abuse how email clients handle partially signed messages. These attacks allow attackers to trick email clients into showing an unsigned text while verifying an unrelated signature in another part (which remains invisible).

4) ID attacks (I1, I2, I3) — These attacks rely on the weaknesses in the binding of signed messages to the sender identity by mail clients, allowing attackers to display a valid signature from the identity (ID) of a trusted communication partner located in the mail header.

5) UI Attacks (U1) — User Interface (UI) redressing attacks are successful if attackers found a way to mimic, using HTML, CSS, or inline images, some important UI elements of an email client that could allow them to display an indicator of a valid signature.

The vulnerabilities in email clients have been given the following CVEs: CVE-2018-18509, CVE-2018-12019, CVE-2018-12020, CVE-2017-17848, CVE-2018-15586, CVE-2018-15587, CVE-2018-15588, CVE-2019-8338, CVE-2018-12356, CVE-2018-12556, and CVE-2019-728.

Researchers reported these vulnerabilities to affected vendors and developers, as well as suggested appropriate countermeasures, which have now been implemented in the latest versions of most of the affected software.

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Tags: cybersecurityEmail SpoofingVulnerability
Cybersecfill

Cybersecfill

An independent Nigeria cybersecurity blog aimed at sharing cybersecurity news, articles ,blog and opinins.

Next Post
Endpoint Detection & Response (EDR)- The New AntiMalware

Endpoint Detection & Response (EDR)- The New AntiMalware

0 0 vote
Article Rating
Login
guest
guest
0 Comments
Inline Feedbacks
View all comments

Subscribe

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

  • Trending
  • Comments
  • Latest
credit card cloning

How Credit/Debit Cards are Cloned / Preventing Card Cloning

December 26, 2019
Wifi 6 Security

Did Wi-Fi 6 come with an Improvement In Security?

May 13, 2019
Nationa Cybersecurity Strategy

A Review of the Nigeria National Cybersecurity Strategy

July 1, 2019
Wireless Access Point

How To Secure Your Wireless Access Point (WAP)

August 3, 2019
Facebook

Facebook’s New Settings Allows Hackers To Easily Pentest Facebook,Instagram Mobile Applications

8
Nationa Cybersecurity Strategy

A Review of the Nigeria National Cybersecurity Strategy

6
Cybersecurity Jobs

Cybersecurity Jobs – You can create your own Cybersecurity Role

4
open Source intelligence tools

Open Source Intelligence tools – OSINT

4
5G Dangers: What are the Cybersecurity implications?

5G Dangers: What are the Cybersecurity implications?

March 1, 2021
Key Differences Between Firewall And Antivirus

Key Differences Between Firewall And Antivirus

February 27, 2021
Cybersecurity for Remote Workers: 8 ways to work safer…

Cybersecurity for Remote Workers: 8 ways to work safer…

February 24, 2021
Cloud Account Hijacking

Cloud Account Hijacking

February 22, 2021

Recommended

5G Dangers: What are the Cybersecurity implications?

5G Dangers: What are the Cybersecurity implications?

March 1, 2021
Key Differences Between Firewall And Antivirus

Key Differences Between Firewall And Antivirus

February 27, 2021
Cybersecurity for Remote Workers: 8 ways to work safer…

Cybersecurity for Remote Workers: 8 ways to work safer…

February 24, 2021
Cloud Account Hijacking

Cloud Account Hijacking

February 22, 2021

© 2020 CybersecFill. All Rights Reserved.

No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us

© 2020 CybersecFill. All Rights Reserved.

wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply