Sabri Haddouche (a security researcher from Germany) has found a set of vulnerabilities that he collectively refers to as Mailsploit: an array of techniques for spoofing email in more than a dozen popular email clients, including Apple Mail for iOS and macOS, Mozilla’s Thunderbird, Microsoft Mail, and Outlook 2016. Mailsploit allows an attacker to spoof email identities and, in some situations, run malicious code on the user’s machine.
“Email spoofing is the creation of email messages with a forged sender address.”
Mailsploit passes through mail servers untouched and bypasses established anti-spoofing mechanisms such as DMARC and spam filters. Emails sent with Mailsploit appear to come from completely legitimate senders. In most situations, unless the raw email headers are examined by a technician, emails sent using Mailsploit are undetectable.
According to the researcher:
The trick resides in using RFC-1342 (from 1992!), a recommendation that provides a way to encode non-ASCII chars inside email headers in such a way that it won’t confuse the MTAs processing the email.
Sadly, most email clients don’t correctly sanitize the string after decoding, which leads to this email spoofing attack.
“Using a combination of control characters such as new lines or null-byte, it can result in hiding or removing the domain part of the original email,”
A list of all email and web clients vulnerable to the Mailsploit attack has been published.
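A defender-side check for the header pattern the researcher describes, as an added example that is not part of the original article or of the researcher's own code: it decodes RFC 2047 encoded-words (the successor of RFC 1342) in a From: header using Python's standard library, then flags any control character that survives decoding and any display name that itself looks like an address on a different domain than the real one. The sample headers are constructed for this example with RFC 2606 reserved example domains; the function and variable names are the example's own.

```python
import base64
import re
from email.header import decode_header

# C0 control characters plus DEL. NUL and CR/LF are the ones named in the
# Mailsploit write-up; the rest are included because a client that fails to
# strip one of them is unlikely to strip the others.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

# Something that looks like an addr-spec inside the display-name part.
ADDRESS_LIKE = re.compile(r"[^\s<>@]+@[^\s<>@]+")


def decode_encoded_words(raw_header):
    """Decode RFC 2047 (originally RFC 1342) encoded-words into one str.

    decode_header() returns bytes chunks once any encoded-word is present and
    a single str chunk when none is; both cases are handled here.
    """
    parts = []
    for chunk, charset in decode_header(raw_header):
        if isinstance(chunk, bytes):
            parts.append(chunk.decode(charset or "ascii", errors="replace"))
        else:
            parts.append(chunk)
    return "".join(parts)


def find_control_chars(raw_header):
    """Return (offset, codepoint) for every control char left after decoding."""
    decoded = decode_encoded_words(raw_header)
    return [(m.start(), ord(m.group())) for m in CONTROL_CHARS.finditer(decoded)]


def split_address(decoded_header):
    """Return (display_name, addr_spec) from a decoded From: value."""
    m = re.search(r"<([^<>]*)>\s*$", decoded_header)
    if m:
        return decoded_header[:m.start()].strip(), m.group(1).strip()
    return "", decoded_header.strip()


def analyze_from_header(raw_header):
    """Classify one From: header value; returns a dict of findings."""
    decoded = decode_encoded_words(raw_header)
    name, addr = split_address(decoded)
    controls = find_control_chars(raw_header)
    shown = ADDRESS_LIKE.search(name)
    # Domain the client would show vs. the domain the mail really comes from.
    name_domain = shown.group().rsplit("@", 1)[1].lower() if shown else None
    real_domain = addr.rsplit("@", 1)[-1].lower()
    domain_mismatch = name_domain is not None and name_domain != real_domain
    return {
        "decoded": decoded,
        "control_chars": controls,
        "domain_mismatch": domain_mismatch,
        "suspicious": bool(controls) or domain_mismatch,
    }


def encoded_word_header(display_bytes, addr_spec):
    """Build a From: value whose display name is a base64 encoded-word.

    Used only to construct the sample headers below.
    """
    token = base64.b64encode(display_bytes).decode("ascii")
    return f"=?utf-8?B?{token}?= <{addr_spec}>"


# Constructed sample headers (not captured traffic); example.com / example.net
# are reserved for documentation.
SAMPLES = {
    "clean": encoded_word_header("Billing Department".encode("utf-8"),
                                 "billing@example.com"),
    "nul": encoded_word_header(b"billing@example.com\x00",
                               "mailbox@example.net"),
    "crlf": encoded_word_header(b"billing@example.com\r\n",
                                "mailbox@example.net"),
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, analyze_from_header(header))
```

The check deliberately runs on the decoded string rather than on the raw header: the raw header is clean ASCII base64 and passes any byte-level filter, which is exactly why DMARC and spam filters in the article see nothing wrong. A gateway or client-side filter that rejects or quarantines on `suspicious` would catch the cases described here; the domain-mismatch signal alone is weaker, since some legitimate senders do put their own address in the display name, so it is worth combining with the control-character finding rather than acting on it in isolation.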