Just S/MIME and wave

The majority of email clients are vulnerable to signature spoofing attacks, according to a new study.

Researchers from Ruhr University Bochum and Munster University of Applied Sciences uncovered vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification.

Digital signatures are supposed to confirm the authenticity and integrity of signed messages, an assurance which has been undermined by the discovery of practical forgery attacks.

Attacks developed by the researchers allow the spoofing of signatures in 14 out of 20 tested OpenPGP-supporting email clients, plus 15 out of 22 email software packages supporting S/MIME signatures.

Affected clients include Thunderbird, Outlook, and Apple Mail with plugins including Enigmail and GnuPG (for OpenPGP) or native support for S/MIME on various platforms including Windows, macOS, Android, iOS, and web.

The analysis looked at the way email clients ‘deal with multipart MIME trees, partly signed emails, and how they display the result of OpenPGP or S/MIME signatures in emails’.

Five different attack classes were probed, as researchers looked at whether it was possible to fake the signature user interface element displayed by emails and another potential weakness aimed at “modifying the displayed name of the signer”.

The team also explored whether there were vulnerabilities in the way that email clients handle partially signed emails.

OpenPGP and S/MIME are the two most widely used industry standards designed to encrypt and digitally sign emails.

None of the attacks directly target either the OpenPGP or S/MIME standard or underpinning cryptographic primitives – instead going after various flawed implementations.

“Our results show that email signature checking and correctly communicating the result to the user is surprisingly hard and currently most clients do not withstand a rigorous security analysis,” the researchers conclude.

A paper (PDF) on the research, ‘Johnny, you are fired! – Spoofing OpenPGP and S/MIME Signatures in Emails’, will be presented at the upcoming USENIX Security ‘19 conference in Santa Clara, California, in August.

In the paper, the team behind the research (Jens Muller, Marcus Brinkmann, Damian Poddebniak, Hanno Bock, Sebastian Schinzel, Juraj Somorovsky, and Jorg Schwenk) discuss various countermeasures and suggest improvements for email client software.