Researchers uncover weaknesses in email security


By Dylan Bushell-Embling
Monday, 22 February, 2016



An international research team involving experts from the University of Sydney has provided the first evidence of the vulnerability of email as a communications mechanism.

The researchers conducted active scans of the entire internet focused on testing the security and integrity of mail and chat servers. The study also involved analysing the passive internet traffic of over 50,000 US users in more than 16 million encrypted connections.

Dr Ralph Holz, lecturer in networks and security at the University of Sydney’s School of Information Technologies and co-appointed researcher at Data61, said the research confirms suspected weaknesses in email cryptographic set-ups and authentication.

It shows that emails can be poorly protected while in transit. One of the main problems identified was a lack of support for encryption.

Fewer than half of the mail servers supported even basic encrypted communication, and 17% used insecure cryptography, Holz said. Only one in three mail servers can prove their identity securely.

“We investigated both the client-to-server interactions as well as server-to-server forwarding mechanisms. These can be configured in a number of ways, but these many combinations are leading to insecure deployments,” he said.

“We ran continuous scans of the internet’s most important security protocols and applications to detect deployment patterns that open systems to attacks. While email between users of major providers such as Gmail or Hotmail is relatively secure, this is not true in more general cases and several serious weaknesses exist.”

Holz and other University of Sydney researchers worked with a group including members from Data61, as well as the USA’s ICSI and Germany’s Technical University of Munich.

The researchers will present details of their research, including recommendations to help change the security status quo, at the Internet Society’s Network and Distributed System Security Symposium in San Diego next week.

Last month Electronic Frontiers Australia joined signatories in more than 35 countries in calling on world leaders to reject any law that would undermine strong encryption and by extension the integrity of the internet.

