DEAD – An attack vector on web services, due to the faults e-mail inherits from DNS

Posted on Jun 16, 2018 by rasengan

Domain Emails Are Dead (DEAD)

A security reminder that e-mail and DNS should never be a critical component of a secure system architecture.

PROBLEM

DEAD is a potential vulnerability in the DNS system that exists because of the poor way in which DNS was implemented as a whole. DNS, which is largely controlled by ICANN, is susceptible to third-party takeover and to simple expiration.

Modern e-mail utilizes DNS extensively. E-mail users create e-mail addresses of the form local-part@domain, where the domain is a DNS name.

Websites, all over the world, utilize e-mail to verify people’s identities (many let you reset your password with just an e-mail).

Since DNS is susceptible to third-party takeover and simple expiration, it is certain that many e-mail address domains will expire (e.g., a person dies and the credit card that paid for the domain expires), leaving that person’s accounts on websites, all over the world, susceptible to account theft.

Additionally, this theft may be legal in many jurisdictions, as control of an e-mail address often also signifies control of an account.

STOP GAPS

The suggested stopgaps, below, are simply workarounds in lieu of properly creating accounts for people using an identifier other than e-mail. However, they may help.

  1. Securing Content
     1. Client-side PGP
        1. E-mails encrypted with PGP will be unreadable by an unintended recipient, even in the event the domain/e-mail is hijacked, unless the intended recipient was already completely owned (had their private key stolen) by the unintended recipient.
  2. Detecting Manipulation
     1. Server-side DNSSEC Implementation
        1. Keep a cache of the certificates provided by the root and check for changes.
           1. Requires DNSSEC to be implemented on all recipient e-mail domains, which is far from the case in 2018.
     2. Server-side Domain Ownership Monitoring:
        1. Compile a list of all domains in an ephemeral dataset from all users’ e-mails.
        2. Check whether any of the domains may have changed ownership:
           1. Check whether a domain expired.
           2. Check whether a domain was newly purchased after the creation of the user’s account.
           3. Additionally, check whether the MX records, including their IP addresses, changed.
           4. Ideally, attempt to ‘fingerprint’ the MX, as even an IP can be BGP hijacked.
        3. In the event ownership changed:
           1. Block password resets for accounts that may have changed ownership.
              1. Notify the user that the reset was blocked for the above reasons, that they should get in touch with the domain vendor, and that a different verification method will be attempted.
           2. Send a message to the user’s secondary e-mail if one exists.
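Worked example of the server-side domain ownership monitoring in steps 1 to 3 above. This is added here and is not code from the original post or from Private Internet Access; the `DomainSnapshot` type and the sample dates and MX hosts are constructed assumptions standing in for real RDAP/WHOIS and DNS MX lookups.

```python
from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class DomainSnapshot:
    """State of an e-mail domain at one point in time (constructed for this
    example; in a deployment it would be filled from RDAP/WHOIS and DNS MX queries)."""
    registered_on: date                    # creation date of the current registration
    expires_on: date                       # expiry date of the current registration
    mx_hosts: FrozenSet[Tuple[str, str]]   # (MX hostname, resolved IP) pairs = the MX fingerprint


def domains_from_emails(emails: Iterable[str]) -> Set[str]:
    """Step 1: the ephemeral set of domains behind all users' addresses."""
    return {addr.rsplit("@", 1)[1].lower().rstrip(".") for addr in emails if "@" in addr}


def ownership_change_reasons(baseline: DomainSnapshot, current: DomainSnapshot,
                             account_created: date, today: date) -> List[str]:
    """Step 2: signals that the domain may have changed hands since the account was created."""
    reasons = []
    if current.expires_on < today:
        reasons.append("domain registration has expired")
    if current.registered_on > account_created:
        reasons.append("domain was (re)registered after the account was created")
    if current.mx_hosts != baseline.mx_hosts:
        reasons.append("MX hosts or their IP addresses differ from the stored fingerprint")
    return reasons


def password_reset_decision(baseline: DomainSnapshot, current: DomainSnapshot,
                            account_created: date, today: date, has_secondary_email: bool) -> dict:
    """Step 3: block the e-mail reset when ownership is doubtful; fall back to a secondary address."""
    reasons = ownership_change_reasons(baseline, current, account_created, today)
    return {"allow_email_reset": not reasons,
            "notify_secondary_email": bool(reasons) and has_secondary_email,
            "reasons": reasons}


# Constructed sample data: the fingerprint recorded when the account was opened...
ACCOUNT_CREATED = date(2016, 3, 1)
BASELINE = DomainSnapshot(date(2009, 6, 12), date(2019, 6, 12),
                          frozenset({("mx1.example.net", "192.0.2.10")}))
# ...versus what the monitor sees today, after the domain lapsed and was re-registered.
REREGISTERED = DomainSnapshot(date(2018, 5, 20), date(2019, 5, 20),
                              frozenset({("mail.example.org", "198.51.100.7")}))
TODAY = date(2018, 6, 16)

if __name__ == "__main__":
    print(password_reset_decision(BASELINE, REREGISTERED, ACCOUNT_CREATED, TODAY, True))
```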

FIX

Don’t let your critical infrastructure rely on e-mail and the currently unverifiable version of DNS.

ON Private Internet Access

While Private Internet Access does use a registered email address (for account recovery purposes), your VPN connection remains secure even in the event an unauthorized party gains access to your account — each connection is uniquely and independently secured by design. (linked text to DH wiki etc).

We do not let our critical infrastructure rely on e-mail and the currently unverifiable version of DNS. You are safe with us.

MAIL PROTOCOL ALTERNATIVES

Mobile Instant Messaging Services (MIMS)

While MIMS may seem to be the popular choice, these services largely rely on telephone numbers for authentication, and the SS7 network behind them has been shown to be vulnerable to MITM, hacking and rerouting.

BitMessage

This provides strong anonymity and privacy. It depends on public-key cryptography because it is a broadcast-style messaging network that essentially sends the same message to every user on the network.

ZIM

Z-shielded memos on the Zcash network provide strong anonymity and privacy.