Understanding TLS downgrade attacks and how MTA-STS mitigates them
It is easier to think that your encrypted email is safe enough to defend against any kind of attack, but the truth is that cybercriminals are getting smarter by every second, and it takes more than simple encryption to secure your email communications. One such attack that puts the integrity of your already secured emails in jeopardy is the TLS downgrade attack.
In this attack, the threat actor targets vulnerabilities in the previous versions of the Transport Layer Security (TLS) protocol and forces the communication to go back to its outdated, less secure version. Once successful, they intercept the communication and manipulate the data being transmitted.
The good news is that there is a way out of this vicious loop, and it is called Mail Transfer Agent-Strict Transport Security (MTA-STS). MTA-STS is a relatively new standard in the industry that hits the bull’s eye. In this situation, it secures email communications by enforcing the use of the latest and most secure versions of TLS.
Let us take a deep dive into what TLS downgrade attacks are and how MTA-STS emerges as a brute force against these attacks.
What is a TLS downgrade attack?
SMTP connections are not inherently secure as they allow encryption to be added later with the STARTTLS command. It is the STARTTLS that upgrades a plain SMTP connection to an encrypted one using TLS, but the command itself is sent in cleartext. This makes it vulnerable to a man-in-the-middle (MITM) attacker who can intercept the communication.
An attacker can leverage this opportunity to tamper with the STARTLLS command by replacing it with a string of meaningless characters. The attacker, very cleverly, replaces the command instead of simply removing it because doing so retains the packet size, making the discrepancies go unnoticed.
The client that doesn’t recognize the tampered command will fail to initiate TLS encryption and will revert to sending the email in plaintext. This clever tactic and the consequent fallback to unencrypted communication allows the attacker to intercept, read, and possibly alter the email contents without detection.
What we can infer from this is that a downgrade attack is often part of an MITM attack. The attacker forces the connection to roll back to cleartext, creating a pathway for cryptographic attacks that wouldn’t be possible with the latest TLS versions.
What are some of the notable TLS downgrade attacks?
There have been many instances of TLS downgrade attacks so far, but some of them stand out, given the impact they have caused. These attacks show how attackers can exploit the backward compatibility and flexibility built into protocols to compromise secure communications.
DROWN Attack (2016)
This was an attack aimed at servers supporting both SSLv2 and TLS. Attackers downgraded the connection to SSLv2, a much weaker protocol, giving them full reach to decrypt sensitive information. In this attack, the attackers tricked the system into using an outdated security method that they could easily break.
POODLE Attack (2014)
The POODLE (Padding Oracle on Downgraded Legacy Encryption) attack is one of the most infamous downgrade attacks. It was executed by forcing a secure TLS connection to fall back to SSL 3.0, which is much less secure. In the POODLE attack, once the connection is downgraded, an attacker needs only about 256 attempts to decrypt a single byte of encrypted information. The vulnerability was so severe that it led to the widespread deprecation of SSL 3.0 across the internet.
FREAK Attack (2015)
This attack exploited a weakness in the way some SSL/TLS implementations handled ‘export-grade’ cryptographic keys. Attackers forced a downgrade to weaker encryption, allowing them to break the encryption and intercept data.
How does MTA-STS defend against these attacks?
An important thing that you should know is that enforcing TLS is possible for client-to-server communications because both ends support it, but this is not the case with server-to-server communications. Some servers simply do not support TLS, which makes fallback to plaintext an inevitable consequence. This is where MTA-STS comes in.
Remember the problem of decryption we talked about earlier? MTA-STS ensures that your emails are always encrypted. It allows email servers to indicate that they rely on TLS to establish a secure connection. If a server can’t establish a secure TLS connection, it won’t send the email. This ‘fail close’ approach means that if the encryption negotiation fails, the email isn’t sent at all. This makes it impossible for attackers to force a downgrade to an unencrypted connection, ensuring your emails stay secure.
In addition to implementing MTA-STS to safeguard against TLS downgrade attacks, it’s crucial to configure SPF, DKIM, and DMARC for comprehensive email security, ensuring email authenticity and protecting your domain from phishing and spoofing threats.
MTA-STS enhances EXO or Exchange Online email security and compensates for any loopholes in the SMTP connection, such as a lack of support for secure protocols or expired TLS certificates.
This protocol allows you to enforce a policy that mandates the use of TLS for all email communications. If the recipient server does not support TLS, the email is held back.
Lately, many mail service providers have adopted MTA-STS, with the aim of making connections between servers more secure and ensuring that the updated versions remain encrypted.
How to get started with MTA-STS?
With threats like TLS downgrade looming over your digital landscape, you need a defence mechanism that is robust and reliable. As you know, traditional SMTP connections are vulnerable to various attacks, the MTA-STS standard emerges as a critical solution. It enhances email security by enforcing TLS encryption for all email communications, ensuring that emails are always sent over secure connections.
Ready to implement MTA-STS for your domain? Get in touch with experts so that you can establish a secure, encrypted connection and prevent TLS downgrade attacks.
Use end-to-end support for implementing MTA-STS, ensuring your email communications are always secure.