ROPEMAKER allows an attacker to change email after sending

ROPEMAKER - short for Remotely Originated Post-Delivery Email Manipulation Attacks Keeping Email Risky (translated as dangerous email after being sent) - revolves around the idea that an attacker sends email in HTML format for the victim, but instead of using embedded or inline CSS, it uses the CSS file from the attacker's server.

The purpose of this is to write and send an original email, then the attacker will edit it by changing the content of the CSS file on the server.

ROPEMAKER turns email security products into 'idiots'

The original email will go through email scanning tools installed on the victim's computer but the changes in the email content will not be detected when they occur. This is because the email security system does not re-scan once it has been sent to the recipient's inbox but only the messages that are coming before the time of receipt.

Two types of ROPEMAKER attacks

Francisco Ribeiro, a Mimecast security researcher and discoverer of this type of attack, said he discovered two forms of attack.

The first way is called ROPEMAKER Switch Exploit and based on the attacker turning the 'display' function of many elements on CSS.

For example, he sends an email with 2 links, 1 clean 1 dirty and only displays clean email. After receiving the email, he will edit the CSS file remotely and turn on the dirty link, hiding the link clean.

ROPEMAKER allows an attacker to change email after sending Picture 1
Change the function displayed on the email

The second way is called ROPEMAKER Matrix Exploit based on embedding the matrix of all ASCII characters for each letter in the email.

By the CSS display rules, an attacker can let each word appear and recreate the text he wants in the email anytime.

ROPEMAKER allows an attacker to change email after sending Picture 2
Use matrix for characters in email

E-mail scanning tools can't recognize these two types of attacks, but using matrices will create lots of cumbersome email because you have to embed the text matrix - numbers for each character, email security tools can be found.

Ribeiro said that the Mimecast has not detected any attacks using ROPEMAKER technology, but because of this vulnerability, email security tools cannot be recognized, so it does not exclude the case that it has already happened.

ROPEMAKER is not too scary

Although it sounds scary, in reality users don't have to worry much. Most email clients have a habit of extracting tags above (header tags) with HTML-formatted emails, including remote CSS file calling cards.

That is why most HTML email writing guidelines encourage web developers to only use inline CSS and avoid embedded CSS or remote CSS.

Mimecast tested ROPEMAKER with many email clients and said that the browser email interface is not affected when attacked by ROPEMAKER. Not surprisingly, these interfaces pull the tag header as carefully, avoiding interference with the normal header of the page.

In addition, a Reddit user also points out that 'this type of attack is very easy to filter' because the system administrator only needs to block the CSS source from when the email client requests it.

email hacking

Marvin Fry

Update 24 May 2019

You should read it

May be interested

How to remove PlusNetwork browser attacker. com
plusnetwork.com browser attacker is integrated via messenger plus toolbar! community. once installed, it will change the homepage and set the default search engine to www. plusnetwork. com.
How to send email from Excel spreadsheet with VBA script
sending emails from microsoft excel requires only a few simple scripts. add this function to a spreadsheet and you can really make the most of all features in excel.
Fix common problems when email is not sent
when encountering email errors when sending, you should carefully read the details of the error messages included in the email to find solutions. the following article will help you fix some of the most common errors.
How to change another email on Facebook
to hide the previous facebook registration email address, we can add a new email address to facebook and delete the old email address.
How to change Apple ID from 3rd party email to Apple email
apple has changed apple id from third parties such as yahoo mail, gmail, outlook mail ... to the traditional icloud.com format, without affecting user accounts.
Two disposable email services help eliminate Spam
there are many reasons why we need to use the one-time email service, which helps you be like a spy sending and receiving messages secretly.
Instructions for using secret mode when sending email on Gmail
nowadays with the development of technology as well as information security, users can use secret mode when sending email on gmail.
How to send encrypted email on Android using OpenKeychain
today's article will show you how to encrypt email on android using openkeychain. the best thing is that openkeychain is completely free. using openkeychain for email encryption is quick, easy and effective.
What is an email address?
what is an email address ?. email is an english word that stands for electronic mail, meaning electronic mail. you can write letters by typing on a computer and sending it to the recipient via the internet.
How to change the default email storage folder in Outlook desktop
if you regularly use microsoft outlook, you probably know that when you send an email, outlook sends the original email to the recipient and stores a copy of that email in a folder called sent items.