HomeAnswerNotificationsCustomize Feeds
How resilient is an encrypted email against attack?

Emails are encrypted in order to hide their contents from network providers, cybercriminals, and intelligence services who might gain access to them via hacked routers, an email server, or by recording a message during transmission.

The intercepted message is manipulated by the attacker as he adds his own malicious commands in encrypted form. Thus altered, the message is sent to one of the recipients or to the sender, i.e. where the data is stored that's necessary for deciphering it.

After the message has been deciphered, the inserted commands cause the victim's email program to establish a communication connection with the attacker the next time the email is opened. This form of communication is pretty much standard when, for example, images or design elements in emails are loaded. Via that connection, the decoded email is then sent to the attacker who can read them.

The common email encryption standards are S/MIME & OpenPGP. S/MIME stands for Secure/Multipurpose Internet Mail Extensions. Both S/MIME & OpenPGP have been in use since the 1990s. S/MIME is frequently deployed by enterprises that encrypt all outgoing and decrypt all incoming emails. OpenPGP is preferably used by individuals. Transport Layer Security, a protocol which is used for the encryption of online data transmission. But it is also vulnerable as far as email encryption is concerned.

In its existing state, S/MIME is not suitable for secure communication. In the case of S/MIME, the attack has been successful and the current standard is not suitable for secure communication. OpenPGP can be configured and used securely; however, this is often not the case. Hence both are insecure.