SquareX exposes flawed email security in major web providers
Serial cybersecurity entrepreneur, Vivek Ramachandran’s browser-security start-up, SquareX, has unveiled the results of a recent study which found significant vulnerabilities in the scanning of email attachments for malicious documents by top webmail providers, such as Gmail and Outlook. These vulnerabilities put millions of users worldwide at risk from document-based cyber threats.
The analysis by SquareX’s research and development team involved sending 100 malicious document samples, segmented into four categories, via a third-party email provider, ProtonMail, to several major email providers. These included industry giants like Gmail, Yahoo, AOL, and Apple iCloud Mail, amongst others. Surprisingly, while these email providers demonstrated basic detection capabilities for unmodified malicious document samples, their ability to detect modified malicious documents manipulated with readily available attack tools fell short. This failing has exposed a serious cybersecurity loophole that threatens millions of users globally.
“The inadvertent discovery of this significant lapse in email security during our product enhancement process was startling,” shared Vivek, the founder and CEO of SquareX. These findings carry implications for the reliance on email services as secure communication channels and cast a shadow over the effectiveness of existing email security measures. These security failings may leave millions of users and enterprises worldwide exposed to potential exploitation, due to a false sense of security.
“Our intention in making these findings public is to ignite a dialogue on the urgent need for reinforced security measures and encourage email providers to either elevate their security protocols or transparently acknowledge their current limitations,” added Vivek. This is particularly important in an era where cyber threats are becoming increasingly sophisticated, but email providers appear ill-equipped to detect and intercept these emerging menaces.
To address these security loopholes, SquareX has introduced a new in-browser malicious document scanning feature as part of its browser extension, which is currently in testing. This effort not only highlights the start-up’s commitment to making the web safer but seeks to rally other companies to unite in the mission to secure online activities of users and enterprises from cyber-attacks.
SquareX was founded by seasoned cybersecurity expert, Vivek Ramachandran. Its mission is to arm users and enterprises with the confidence to navigate the online world without fear, safeguarding individuals and enterprises from a spectrum of browser-based threats, including malicious files, websites, scripts, and compromised networks. Currently available on the Chrome and Edge stores, the SquareX browser extension has garnered a user base of over 100,000 globally, in less than a year.
Vivek is a serial entrepreneur, respected author, and cyber security professional with over two decades of experience. He is a frequent speaker at top security conferences worldwide and has made a significant impact on wireless security with the discovery of the significant Caffe Latte attack. Plus, he has authored multiple five-star rated books on Wi-Fi security, appreciated the world over.
About Author
