- New research reveals millions of host sites are without TLS encryption
- TLS encryption allows end-to-end encryption for safer communications and browsing
- ShadowServer has recommended these hosts be retired
New research from ShadowServer has revealed 3.3 million POP3 (Post Office Protocol) and IMAP (Internet Message Access Protocol) mail servers are currently exposed to network sniffing attacks, due to being without TLS encryption.
TLS, or Transport Layer Security, is a security protocol which provides end-to-end security between applications over the Internet. It is used for secure web browsing, and encrypts communications through email, file transfer, and messaging.
ShadowServer scanned the internet for hosts running a POP3 service on port 110/TCP or 995/TCP without TLS support – finding 3.3 million hosts without the security layer.
Time to retire
Without TLS, passwords for mail access could be intercepted, and that exposed services could allow password guessing attacks on the server. Without the encryption, credentials and message content is sent in clear text, which exposes hosts to eavesdropping network sniffing attacks.
Almost 900,000 of these sites were in the US, with over 500,000 and 380,000 in Germany and Poland, but the researchers note, ‘regardless whether TLS is enabled or not service exposure may enable password guessing attacks against the server’.
“We have started notifying about hosts running POP3/IMAP services without TLS enabled, meaning usernames/passwords are not encrypted when transmitted,” the ShadowServer Foundation said in a tweet.
“We see around 3.3M such cases with POP3 & a similar amount with IMAP (most overlap). It’s time to retire those!”
In August 2018, TLS 1.2 was updated with TLS 1.3 brought in, with 1.3 offering significant improvements in both performance and security. Whilst TLS is very common, ImmuniWeb reports that from Q1 2024 to date, there were 1,421,781 SSL/TLS events – so even with the encryption, there are dangers for users.
Via SecurityAffairs