draft version

ROPEMAKER technical whitepaper

created on 2017-08-28 01:57:42

article

a technical whitepaper on a vulnerability affecting popular email clients which allows attackers to arbitrarily modify the perceived content of HTML emails post-delivery


This paper describes some research I did about a year ago on most popular email clients which highlights a weakness that allows attackers to arbitrarily modify the perceived content of HTML emails post-delivery even in the presence of technologies such as PGP and S/MIME.

In this document, I cover the design flaw and some of the offensive techniques enabled by it along with its implications and side effects. With this, I aim to bring a better understanding of the technical aspects of this attack dubbed Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky (ROPEMAKER) and how one can protect against it.

Matrix

Notes

Download

ropemaker.pdf - paper (draft)

last modified on 2017-09-02 03:41:46
View comments