Fabian Ising

@[email protected]
96 Followers
187 Following
135 Posts
IT security researcher at Fraunhofer SIT, previously FH Münster. Posts in English and German. Crypto means cryptography. 🌱 He/Him
FH Münsterhttps://www.fh-muenster.de/eti/personen/mitarbeiter/ising/ising.php
Show threadFabian IsingNov 14, 2022

We found two vulnerable implementations:

1. Apple’s Mail on current versions of iOS is vulnerable to what we call an empty line oracle — they expect an empty line between the mail's headers and the body. This is exploitable by an attacker that can sniff (TLS encrypted) IMAP traffic while sending mails to the victim and Mail decrypting them in the background, no user interaction required.

2. Google Workspaces (Google’s hosted S/MIME solution) is vulnerable to a classic Vaudenay padding oracle attack on CBC padding. The oracle is an error message via SMTP. This error message ironically was introduced to prevent the EFAIL attacks.

Show threadFabian IsingNov 14, 2022
You remember format oracles, most commonly present as padding oracles (e.g. Bleichennbacher’s Million Message Attack)? We wondered if we could perform these attacks on encrypted emails - and yes, we found a way to do format oracle attacks against S/MIME based on SMTP and IMAP!
Fabian IsingNov 14, 2022

Have a look at our new Paper
"Content-Type: multipart/oracle - Tapping into Format Oracles in Email End-to-End Encryption" to be presented at USENIX '23. This is joint work with @duesee , Tobias Kappert, @SaatChris , and @seecurity .

Full paper (pre-print): https://www.usenix.org/system/files/sec23summer_217-ising-prepub.pdf