Majority of Encrypted Email Clients Vulnerable to Signature Spoofing

Researchers have found that encrypted emails are not always as secure as we might think. From more than two dozen popular encrypted email clients, they found that the majority are vulnerable to one or more signature spoofing attacks.

Good cryptography is nearly impossible to break with contemporary commercial computers — so attackers don’t often attempt to. Instead, they attack the implementation and use of cryptography, where the weaknesses are more often found. This is especially true for email, where the implementation of encrypted emails is particularly challenging.

Researchers from Ruhr University Bochum and Münster University of Applied Sciences have investigated the implementation of the two major email encryption standards, OpenPGP and S/MIME, and have found them largely wanting. While encrypted email is not widely used, where it is used it is likely to protect valuable or particularly sensitive content. So it is disturbing that the researchers found flaws in the design of many leading secure email clients. Fourteen out of 20 tested OpenPGP-capable clients and 15 out of 22 clients supporting S/MIME were susceptible to digital signature spoofing.
