
As if phishing ploys and spam mail weren’t enough, security researcher Sabri Haddouche uncovered vulnerabilities in email programs that let hackers trick recipients into thinking they’re receiving mail from trusted sources. Mailsploit is a collection of bugs in mail clients that allow effective sender spoofing and code injection attacks.

Some of the email clients included in Haddouche’s list were Apple Mail for iOS and macOS, Mozilla’s Thunderbird, Microsoft Mail, and Outlook 2016, as well as a long list of less common clients including Opera Mail, Airmail, Spark, Guerrilla Mail and Aol Mail.

Once the bugs in the email clients were found, Haddouche adjusted the way operating systems handle certain kinds of text, which allowed him to create email headers that ultimately allow hackers to forge the email source. Although email spoofing has been around for decades, email server administrators have been able to block fraudulent senders using DMARC, but #Mailsploit has proven able to bypass these security measures.

If you’re interested in learning about our industry-leading policy form and how it can respond in the event of an attack, contact us for a quote. #hackerinsurance

Haddouche has made a demo available on his website that describes the Mailsploit attack and lets anyone send emails from any address they choose.
