Ropemaker Now Lets Attackers Edit Your Emails – Even The Ones Delivered Already

Another week passes and we get another piece of shocking news: this time an email exploit, which has been called Ropemaker. This exploit can let an outsider access and edit the contents of an email. And that is not all: they can edit it even after it has already been received and sits in the recipient's inbox, not in spam or any other folder.

Malicious attempts of this kind can affect many walks of life and cause a lot of problems for corporations and other businesses. Suppose someone with this kind of access to your inbox changes a standard, normal URL into a malicious link by altering the text of mails already in your mailbox, or simply changes the content to whatever they fancy. Imagine the impact such access could have on your personal and professional life.

Ropemaker Vulnerability

Ropemaker was first discovered by a team of researchers at Mimecast, who described how an attacker who succeeded could even affect systems that use S/MIME or PGP for signing. Matthew Gardiner, a spokesperson for Mimecast, wrote in a blog post that Ropemaker originates at the intersection of email and web technologies, namely HTML and Cascading Style Sheets (CSS).

He added that these web technologies make emails better, more aesthetically pleasing and more dynamic than emails used to be. But all this has also put the security of the medium at risk and opened a large gap in email's security wall, that is, an attack vector. Gardiner went on to explain that Ropemaker can be amplified to cause severe harm and is limited only by the creativity or imagination of the attackers, which, as we know, is not much of a limit.

Another professional, Brian Robison, who works as Senior Director in the security technology department at Cylance, stated that the Ropemaker threat is not new as such, especially several of the aspects involved, but that it is something every corporation should stay safe from and stay alert to. He is reported to have said that the advisory essentially emphasizes that if you have received an email that contains a URL in its text or in its HTML, the attacker has the ability to alter this URL into something potentially harmful, something the sender did not originally intend to send.

He added that email applications these days are all going for HTML, which is a sure way to get CSS that makes the email look and feel better, something almost every big corporation now wants to incorporate and use as a standard way of conducting business. Brian then went on to state that many phishing email scams have revolved around this same weakness for ages: connecting to the original source makes the mail look more legitimate and authentic.

Let's say you get a mail in your mailbox from your bank. This email has exactly the same structure, with the logos, headers, footers and other details of the mails you usually get from your bank (or elements sourced directly from your bank's website), which makes it look far more authentic. But the link might lead you somewhere completely different, such as badbank.com or any other site that is part of the attacker's strategy to lure you in and then hack your account, retrieving the personal and private information or credentials that you unknowingly provided to the authentic-looking but fake bank website.

We are sure you can see why this is of great concern to all of us, as it might work on anyone: almost all average email users will fall prey to this, and the technique does work on most email services and platforms. It remains to be seen how Ropemaker gets exploited further.