Over a Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks

A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures in over a dozen popular email clients.

The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail, Roundcube and Mailpile.

A digitally signed email offers end-to-end authenticity and integrity, assuring recipients that the message actually came from you.

However, the researchers tested 25 widely used email clients for Windows, Linux, macOS, iOS, Android and the Web and found that at least 14 of them were vulnerable to multiple types of practical attacks across five categories, making spoofed signatures indistinguishable from valid ones even to an attentive user.

The research was conducted by a team of researchers from Ruhr University Bochum and Münster University of Applied Sciences, which includes Jens Müller, Marcus Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj Somorovsky, and Jörg Schwenk.

More at – thehackernews.com

 

Some, like FairEmail for Android, aren't affected.

If you know more, let us know.

 

But I guess most of the affected clients will get fixed pretty soon.