Electronic mail is indispensable nowadays. We can hardly imagine a single day without accessing our emails. Lots of sensitive information is exchanged using these emails. However, the transport of emails is not safe from attackers. There are a number of ways in which attackers can steal sensitive information transferred through emails. And, one of those attacks is the TLS downgrade attack.
What is the TLS downgrade attack?
TLS, or Transport Layer Security, is a protocol that is widely used to transfer sensitive data between two hosts over an unsecured network. In this protocol, data is encrypted using cryptographic keys before the transfer. (How does the TLS protocol work?)
The TLS downgrade attack is an attack in which an attacker tricks the server and the client that are communicating with each other to use a lower version of TLS. As a result, the attacker can take advantage of that to steal sensitive information. In most cases, this TLS downgrade attack is performed as part of the Man-In-The-Middle attack. The attacker listens to the conversation between the server and the client and intercepts the data to steal sensitive information. (How does the TLS downgrade attack work?)
How is the TLS downgrade attack perpetrated to steal sensitive data transferred over emails?
The SMTP or Simple Mail Transfer Protocol is a protocol that is widely used to transfer emails from one provider to another. Suppose Alice wants to send an email to Bob. So, when Alice sends an email to Bob’s email address, the mail server for Alice’s mail provider will contact the mail server for Bob’s email provider, and the email will be transferred.
Now, SMTP is a protocol that came into existence in 1982, which was much before the TLS protocol. The TLS protocol came into existence in 1995. So, TLS had to be retrofitted to the SMTP protocol. This was done by adding the extension STARTTLS.
So, when Alice wants to send an email from her email address to Bob’s email address, the source mail server communicates with the destination mail server. After the TCP Handshake, the destination mail server sends a STARTTLS to the source mail server. At this point, if the source mail server supports TLS, it will understand the STARTTLS, and encryption will be used over the …
0 Comments