Proton

In late August, a security advisory(nuova finestra) was published regarding a newly discovered exploit affecting email providers. The issue, dubbed as “ROPEMAKER”, stands for “Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky”.

The attack is an interesting one so our security team took a closer look at it. The RopeMaker technique allows an attacker to visually modify a HTML email, sent by the attacker, even after it’s been delivered. In some cases, RopeMaker can also be used to modify the HTML code of an email as well. For example, an attacker could change a good link into a malicious link, or edit the body of an email at will, all without access to the mailbox, and even after the email has been delivered(nuova finestra).

Based on the security advisory, Outlook, Apple Mail, and Mozilla Thunderbird are/were vulnerable to this issue. Unfortunately, there’s no fix that you can make yourself to prevent this attack if you’re using one of these email applications. You’ll instead have to wait for these services to patch their systems.

How it Works

The main requirement for achieving a successful RopeMaker attack is when the email client allows remote CSS files to be rendered. The remote CSS file acts as a “modification backdoor” for the attacker/sender in the RopeMaker technique.

RopeMaker and Proton Mail

After analyzing the security advisory, we immediately performed an internal review of our CSS rendering processes. We can confirm that Proton Mail is not affected by the RopeMaker technique, and was not previously affected by it. However, we will be doing some additional development in order to further harden Proton Mail against future, not-yet-discovered exploits which may leverage some of the same techniques as RopeMaker.

At Proton Mail, we are serious about being the most secure email provider. A large part of ensuring a safe email experience is through engineering with security and privacy as the core principle, and not as merely an afterthought. However, even then, there is no such thing as 100% security, so providing the safest email service also requires active monitoring of the latest security threats to emerge.

As part of our email security efforts, our internal security team monitors numerous security mailing lists, forums, and other locations with relevant online chatter in order to identify and block threats before they can be exploited. In addition to our extensive internal efforts to protect Proton Mail users, we also host a bug bounty program to work with security researchers around the world in improving the security state of both Proton Mail and Proton VPN. Through leveraging the expertise of the global security community, we can ensure that Proton Mail is as safe as possible.

Articoli correlati

The cover image for a Proton Pass blog comparing SAML and OAuth as protocols for business protection
en
SAML and OAuth help your workers access your network securely, but what's the difference? Here's what you need to know.
Proton Lifetime Fundraiser 7th edition
en
Learn how to join our 2024 Lifetime Account Charity Fundraiser, your chance to win our most exclusive plan and fight for a better internet.
The cover image for a Proton Pass blog about zero trust security showing a dial marked 'zero trust' turned all the way to the right
en
Cybersecurity for businesses is harder than ever: find out how zero trust security can prevent data breaches within your business.
How to protect your inbox from an email extractor
en
Learn how an email extractor works, why your email address is valuable, how to protect your inbox, and what to do if your email address is exposed.
How to whitelist an email address and keep important messages in your inbox
en
Find out what email whitelisting is, why it’s useful, how to whitelist email addresses on different platforms, and how Proton Mail can help.
The cover image for Proton blog about cyberthreats businesses will face in 2025, showing a webpage, a mask, and an error message hanging on a fishing hook
en
Thousands of businesses of all sizes were impacted by cybercrime in 2024. Here are the top cybersecurity threats we expect companies to face in 2025—and how Proton Pass can protect your business.