• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Technologous - Managed IT Solutions Bryan/College Station

  • Home
  • About
    • Areas We Serve
    • Our Leadership
      • Chris Dawson
      • Ian Soares
  • IT Services
    • Managed IT
    • Support IT
    • Cloud IT
  • Blog
  • Request a Consultation
  • Contact
You are here: Home / Blog / Blog Email Providers Found To Have Signature Vulnerabilities

Blog Email Providers Found To Have Signature Vulnerabilities

A team of security researchers have uncovered a serious flaw in several major email clients you need to be aware of.

The flaw allows hackers to fake verified signatures, which gives their phishing and other email-based attacks the appearance of legitimacy.

According to research conducted by the team, the following email clients are vulnerable to this exploit:

  • Thunderbird
  • Apple Mail with GPGTools
  • iOS Mail
  • Microsoft Outlook
  • Mailpile
  • Roundcube
  • K-9 Mail
  • Airmail
  • MailMate
  • Evolution
  • KMail
  • GpgOL

What The Risks Are

Ostensibly, an email signature is supposed to provide end-to-end authenticity, legitimacy, and integrity.  When you receive an email containing a verified signature, it’s a sign that it’s from a safe, trusted source. Unfortunately, now that several of the largest and most widely used email clients have been found to be vulnerable to signature spoofing attacks, that’s out the window.  If you’ve been in the habit of scanning for a verified signature and then, upon finding one, assuming the email is safe, it’s simply no longer safe to do that.

The research team described their research in part, by saying the following:

“In our scenario, we assume two trustworthy communication partners, Alice and Bob, who have securely exchanged their public PGP keys or S/MIME certificates.  The goal of our attacker Eve is to create and send an email with arbitrary content to Bob, whose email client falsely indicates that the email has been digitally signed by Alice.

Our attack model does not include any form of social engineering.  The user opens and reads received emails as always, so awareness training does not help to mitigate the attacks.”

That’s dark news indeed, and even worse, a raft of CVE’s have been opened to account for and fix the vulnerabilities that make this type of signature spoofing possible. However, there are no easy fixes here, and there’s no timetable at this point from any of these email providers on when or if the issues will be resolved.

May 20, 2019 Filed Under: Blog Tagged With: Attacks, Email, Signature Legitimacy, Vulnerable

Primary Sidebar

GET OUR BLOG IN YOUR EMAIL!

Archives

  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • April 2020
  • March 2020
  • February 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • August 2018

Tags

adobe android App Apple attack Attacks Breach Browser Chrome Credit Card Dark Web Data Database Data Breach Email Facebook Firefox gmail Google Google Chrome government hacker Hackers information iOS iPhone malware Microsoft Microsoft Windows 10 office 365 Password Passwords patch Phishing ransomeware Ransomware Scam security Social Media Update Vulnerability Wifi Windows Windows 7 Windows 10

Footer

Contact Us

Address: 3091 University Drive, Unit 210, Bryan, Texas 77802
Phone: 979-217-1226

Our Blog

  • Careless Oversight Causes Nissan Breach January 19, 2021
  • Adobe Flash Is Done, and Flash Content Is Now Blocked January 18, 2021
  • QRat Malware Has an Email Offer January 16, 2021
  • PayPal Phishing Wants Account Info January 15, 2021
  • Babuk Locker Ransomware Found On The Internet January 14, 2021

Search

Follow Us

  • Facebook
  • Home
  • About
  • Resources
  • Contact
  • Our Leadership
  • Why Choose Us?
  • IT Services
  • Request a Consultation

Copyright © 2021| All Rights Reserved | Powered By Technologous, LLC | Log in