Gmail to give warning notifications on Unencrypted Mails
Gmail is used by default by any Android phone user. You need a Google account to use Play Store and other features in an Android Smartphone. The Gmail application is one of the phone mail clients ruling the app market when it comes to mails. The simple user interface and the categorization of mails has been an instant hit with users.
Because of continuing issues with email security, Google has announced that Gmail will get features that will notify them when they get messages through a non-encrypted connection.
A study conducted by Google and researchers at the universities of Illinois at Urbana-Champaign and Michigan has found that regions of the Internet are preventing message encryption by tampering with requests to initiate Secure Sockets Layer connections, and malicious DNS servers are publishing fake routing information to email servers looking for Gmail. “These threats don’t affect communication between Gmail users, but they may impact messaging between providers”, Google said.
However the app will only warn the user. It will not be able track the sender. “This is part of a multistep process, not a final solution,” Rob Enderle principal analyst told the E-Commerce Times. The warning “will help in cases where hackers try to perform DNS poisoning while trying to infect or phish users visiting well-established websites,” security consultant Sorin Mustaca said.
“The security landscape is very fragmented and very discombobulated with regard to encryption,” said Paul Ferguson, a threat research advisor at Trend Micro. “There doesn’t seem to be a lot of coherency, to the point where end users are confused and don’t know how to properly protect themselves.”
Encryption in email “is not fully baked and is fragmented at various levels of the protocol stack,” he told the E-Commerce Times. Users can encrypt their email with Pretty Good Privacy, but “then it runs across unencrypted paths.”
The main problem with email security is lack of awareness, Ferguson said, but, “as more data breaches occur and more personally identifiable information is stolen, that may change.”
“Warning Gmail users of incoming unencrypted emails tackles only the client side of the problem; there are issues in other areas, including server-to-server communications, where TLS applies and in certificate authority architecture”, he said. “We have a disorganized technology space that doesn’t serve the end user very well”, he added.
The Gmail features will be rolled out in the coming months.