Google, Yahoo SMTP email severs hit in Thailand

Staff writer
12 Sep 2014

Internet users in Thailand have been hit by a massive man-in-the-middle attack aimed grabbing email login credentials from fake SMTP servers.

The attack has been verified on Google’s and Yahoo’s email servers and on two of the country’s largest fixed-line ISPs, though preliminary analysis suggest that all SMTP servers are targeted.

The STRIPTLS attack as it has become known works by inserting a man-in-the-middle at the ISPs. This is done via a transparent proxy.

Normally a client connecting to on port 25 would be elevated to use STARTTLS encryption before authentication with username or password is passed and before the actual email message is sent.

However, accessing from within Thailand results in a connection to a fake server that says it does not support STARTTLS encryption. If the email client proceeds any email sent is sent unencrypted through the man-in-the-middle but more importantly so are email login credentials.

The perpetrator would have a huge collection of usernames and passwords to email accounts through this attack as well as the actual messages.

Setting the email client to explicitly use TLS connecting on ports 465 or 587 is still safe and communication remains encrypted. Only clients that are set to use encryption if available connecting on the default SMTP port would fall foul of the attack.


Follow Telecom Asia Sport!
No Comments Yet! Be the first to share what you think!
This website uses cookies
This provides customers with a personalized experience and increases the efficiency of visiting the site, allowing us to provide the most efficient service. By using the website and accepting the terms of the policy, you consent to the use of cookies in accordance with the terms of this policy.