More than Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks

Jun 04, 2019
Posted by
Cyber Security

A group of security analysts has found a few vulnerabilities in different executions of OpenPGP and S/MIME email signature check that could enable attackers to spoof signatures on over a dozen of prominent email customers.

The influenced email customers include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail, Roundcube and Mailpile.

When you send a digitally signed email, it offers end-to-end authenticity and integrity of messages, ensuring recipients that the email has actually come from you.

However, analysts tried 25 generally utilized email customers for Windows, Linux, macOS, iOS, Android and Web and found that something like 14 of them were helpless against different sorts of reasonable assaults under five underneath referenced classes, making spoofed signatures undefined from a legitimate one even by a attentive.

The exploration was led by a group of analysts from Ruhr University Bochum and Münster University of Applied Sciences, which includes Jens Müller , Marcus Brinkmann , Damian Poddebniak , Hanno Böck, Sebastian Schinzel , Juraj Somorovsky, and Jörg Schwenk.

  1. CMS Attacks (C1, C2, C3, C4) : Imperfections due to misusing of Cryptographic Message Syntax (CMS), the holder configuration of S/MIME, lead to contradicting or unusual information structures, for example, different endorsers or no signers.
  • GPG API Attacks (G1, G2) :  Execution flaws in many email customers neglect to appropriately parse a wide range of different inputs that could enable attackers to inject subjective strings into GnuPG status line API and logging messages, deceiving customers into showing successful signature approval for self-assertive public keys.
email signature spoofing


  • MIME Attacks (M1, M2, M3, M4) : MIME wrapping attacks abuse how email customers handle partially signed messages. These assaults enable attackers to trick email customers into appearing unsigned content while confirming an irrelevant signature in another part (which stays undetectable).
  • ID attacks (I1, I2, I3) : These attacks depend on the weaknesses in the authoritative of signed messages to the sender character via mail clients, enabling attackers to show a valid signature from the identity (ID) of a trusted communication accomplice located in the mail header.
  • UI Attacks (U1) : User Interface (UI) reviewing assaults are successful if attackers figured out how to mirror, using HTML, CSS, or inline pictures, some significant UI components of an email client that could enable them to show a indicator of a valid signature.

The following are the consequences of the majority of the previously mentioned mark spoofing attacks tested against different email clients for OpenPGP, where full blacked circle indicator represents “Perfect forgery,” half blacked circle represents “Partial forgery,” and the white one represents “Weak forgery.”

openpgp email signature spoofing attacks


The following table shows results for S/MIME signature confirmation:

s/mime email signature spoofing attack


Curiously, researchers additionally discovered that some email signature spoofing attacks can likewise be used to spoof decryption results, “causing the email client to indicate an encoded message where in certainty the plaintext was transmitted in the clear.”

“Our attacker model does not include any form of social engineering. The user opens and reads received emails as always, so awareness training does not help to mitigate the attacks,” the researchers say.

Despite the fact that the vast majority of these partial and weak forgery attacks can possibly be recognized via cautiously examining the GUI or manually clicking to get more signature details, regardless it concerns when countless clients and networks depends on email encryption and confirmation for verification.

The vulnerabilities in email clients have been given the following CVEs: CVE-2018-18509, CVE-2018-12019, CVE-2018-12020, CVE-2017-17848, CVE-2018-15586, CVE-2018-15587, CVE-2018-15588, CVE-2019-8338, CVE-2018-12356, CVE-2018-12556, and CVE-2019-728.

Researchers reported these vulnerabilities to influenced vendors and engineers, just as proposed fitting countermeasures, which have now been implemented in the most recent versions of the vast majority of the affected software.