Security

Neither Snow Nor Rain Nor MITM… The State of Email Security in 2015

Hall 2
Zakir Durumeric
Is your email being sent in the clear? While PGP and S/MIME provide end-to-end encrypted mail, most users have yet to adopt these practices, and for users who have, these tools leave metadata, such as the subject, sender, and recipient, visible everywhere along a message’s path. SMTP—the ubiquitous mail transport protocol—has evolved over the years to add encryption and authentication, both of which take place behind the scenes and help guard against surveillance and spam. While these features are being increasingly deployed, our research shows that they are almost always configured in vulnerable ways—the details of which are hidden from the users sending and receiving mail. Even more disturbingly, these vulnerabilities are being widely exploited in the wild: in seven countries, more than 20% of inbound Gmail messages are downgraded to cleartext by network-based attacks. In the most severe case, 96% of messages sent from Tunisia to Gmail are downgraded to cleartext. In this talk, I’ll introduce the commonly used SMTP security extensions—including STARTTLS, SPF, DKIM, and DMARC—and describe the current state of mail security on the Internet. I'll describe several commonly occurring attacks our recent research has found and discuss how mail operators can configure their servers to secure email transport. Finally, I'll discuss several weaknesses in the protocols we're using and recent proposals for helping secure email transport.
Email carries some of our most sensitive communication, including private correspondence, financial details, and password recovery confirmations. We expect that messages are private and, in many cases, unforgeable. However, SMTP—the protocol responsible for relaying messages between mail servers—did not originally authenticate senders or encrypt mail in transit. Instead, servers support these features through SMTP extensions. Adopting these features is entirely voluntary and they have only been gradually adopted. As a consequence, mail servers still tolerate unprotected communication and will send messages in clear text if any problems occur when negotiating a secure connection. Earlier this year, I worked with colleagues at the University of Michigan and Google to measure the global adoption of email security features and try to better understand how well email is secured in practice. Our study draws from two unique data sources: connection logs for Gmail spanning 16 months, plus a snapshot of SMTP server configurations from April 2015 for the Alexa Top Million domains. From Gmail’s perspective, incoming messages protected by TLS have increased 82% over the last year, peaking at 60% of all inbound mail. However, this improvement was largely because a small number of popular web mail providers deployed TLS—many organizations still haven't deployed these features correctly. I will discuss these results and many more that reveal several major weaknesses in the global deployment of mail transport security. This security patchwork enables network attackers to intercept and surveil email. In one kind of attack, actors corrupt the TLS handshakes at the the start of an SMTP connection to downgrade the connection to cleartext—exposing messages to potential eavesdropping. Using Internet-wide scanning, we identified more than 41,000 SMTP servers in 193 countries that are routinely forced to deliver email as cleartext. We analyzed the mail sent to Gmail from these hosts and find that in seven countries, more than 20% of all messages are prevented from being encrypted by active network attacks. In the most severe case, 96% of messages sent from Tunisia to Gmail are downgraded to cleartext, but even in Denmark, nearly 4% of messages are affected. In a second class of attack, DNS servers provide fraudulent MX records for popular email providers. We searched for servers that provide fraudulent addresses for Gmail’s SMTP servers, and we find 14.6K publicly accessible DNS servers in 69 countries provide falsified responses. We investigate the messages that Gmail received from these hosts and find that in 193 countries more than 0.01% of messages from each country are transited through these impostor hosts. Six of the eight most-affected countries are in Europe. In this talk, I will first introduce the security extensions for SMTP and the current state of mail security. Then, drawing on our measurements, I will discuss the weaknesses in these protocols and the attacks we see occurring in the wild. I'll discuss what mail server operators, developers, and even end users, can do to protect against these problems. Finally, I will present current proposals for securing mail transport and several weaknesses that we still need to address.

Additional information

Type lecture
Language English

More sessions

12/27/15
Security
Joanna Rutkowska
Hall 2
Can we build trustworthy client systems on x86 hardware? What are the main challenges? What can we do about them, realistically? Is there anything we can?
12/27/15
Security
Hall 6
Unser Vortrag demonstriert einen PLC-only Wurm. Der PLC-Wurm kann selbstständig ein Netzwerk nach Siemens Simatic S7-1200 Geräten in den Versionen 1 bis 3 durchsuchen und diese befallen. Hierzu ist keine Unterstützung durch PCs oder Server erforderlich. Der Wurm „lebt“ ausschließlich in den PLCs.
12/27/15
Security
Hall 2
Dr. Peter Laackmann und Marcus Janke zeigen mit einem tiefen Einblick in die Welt der Hardware-Trojaner, auf welchem Wege „Institutionen“ versuchen können, sich versteckten Zugang zu Sicherheits-Hardware zu verschaffen.
12/27/15
Security
Yaniv Balmas
Hall G
Key-Loggers are cool, really cool. It seems, however, that every conceivable aspect of key-logging has already been covered: from physical devices to hooking techniques. What possible innovation could be left in this field?
12/27/15
Security
Ilja van Sprundel
Hall 2
This presentation covers windows kernel driver security issues. It'll discuss some background, and then give an overview of the most common issues seen in drivers, covering both finding and fixing issues.
12/27/15
Security
Alexander Graf
Hall 2
Did you ever want to have access to a few hundred thousand network end points? Or a few hundred thousand phone numbers? A short look behind the curtains of how not to do network security.
12/27/15
Security
Hall 1
For years SCADA StrangeLove team speaks about vulnerabilities in Industrial Control Systems. Now we want to show by example of railway the link between information security and industrial safety and demonstrate how a root access gained in a few minutes can bring to naught all the years of efforts that were devoted to the improvement of fail-safety and reliability of the ICS system. Railroads is a complex systems and process automation is used in different areas: to control power, switches, ...