how can hackers read emails in transit? In addition to phishing for account details and accessing someone’s email account directly, is it possible for hackers to “read” ongoing email communication that is not encrypted?
In: Technology
The most basic answer is, yes they technically can but because of the current encryption technologies they most likely cannot.
Without getting into too much technical details, emails are encrypted from end to end using unique keys which only the sender and the receiver has. Basically, it is very easy to acquire the encrypted emails (simply perform a MITM attack), but the difficult part is decrypting those emails, which is next to impossible for your average hacker.
But, you said email communication that is **not** encrypted. So basically yeah you can definitely do that and it wouldn’t be that hard either. However, in the real world, cases like that practically don’t exist because all major email providers like GMail uses encryption.
1. Emails are like convertible cars they don’t have a roof to keep you dry when it rains you get wet.
The email protocol was designed before hackers were a problem it has no security or secrecy built into it.
2. , Imagine having to present your bag to a private security guard at every school and shopping centre you went to. And the security guard will open your wallet and read all your credit cards and open letters and bills.
Packets are routed through the network to anyone with a network device. The owner of the device can open every email that arrives at their device requesting to be delivered somewhere else.
Note: modern email clients use secure methods to forward emails but the email client you use and the email provider you use must both use these methods or the email is sent unsecured.
This is different to Web browsers which encrypt the the request before sending it.
Gmail is an example that gives some clear warnings when using unsafe transit methods.
They either need access to your machine (easiest), access to your mailserver via your credentials (super easy) or access to the server itself (med), be your ISP (lol) or set up a man in the middle (hard), or have access to the mailserver or machine of the recipient.
Encryption only prevents the man in the middle reading your email as it’s only encrypted in transit (like SSL) and not at rest on the servers.
It’s an outdated, insecure protocol that shouldn’t be used for anything but sending electronic post cards. Assume everything you send is a postcard that others can read unless you are using additional encryption to ensure the messages contents are encrypted at rest too such as PGP/GPG.
Latest Answers