Security analyst: De-Mail deliberately built to be insecure | ZEIT ONLINE
Chaos Communication Congress: Supposedly secure De-Mail deliberately built to be insecure
So that the state can read along, De-Mails are not properly encrypted. That is insecure and dangerous, security analyst Linus Neumann said at the Chaos Congress 30c3.
Just so there are no misunderstandings: De-Mail is the Federal Republic's declared attempt to build a secure channel of electronic communication for all Germans. E-mails have been a problem, and not only since the NSA infiltrated all technical systems, because like postcards they can be read by anyone. De-Mail is supposed to change all that, at least in theory. According to the relevant law, it should "ensure secure, confidential and verifiable commerce for everyone on the Internet". To use it, everyone has to show their ID card to the certified provider and register by name. In return, the providers may charge money for each De-Mail, usually 39 cents.
The claim to be confidential and secure is, however, not even close to being fulfilled. The system has long been criticized. By now, given the apparently deliberate insecurity of De-Mails, security analysts have only cynicism left. Linus Neumann is one of them. He has blogged about such issues for years, works at a company that tests technical systems for their security, and was invited to the Bundestag as an expert on De-Mail.
At the 30th Chaos Communication Congress (30c3) in Hamburg, Neumann presented a comprehensive analysis of the state mail system. It is devastating: De-Mails are no more secure than ordinary mails, they were "unnecessarily and intentionally incompatible with the rest of the world", they are an attractive target for criminals, and they would also entail more legal risks for users.
And not only that. De-Mail was the chance, Neumann said, to introduce encrypted and secure communication comprehensively in Germany. "With that, I have explained why that was not done." De-Mail is deliberately designed so that German security services can read the content, he believes. "No government is stupid enough to provide its citizens with a tap-proof system for communication."
The main issue is that De-Mail has no built-in end-to-end encryption. The term means that data is encrypted by the sender and can only be decrypted and read by the recipient. De-Mails are indeed encrypted, but not along their entire path through the Internet.
Virus scanner?
The encryption is performed by the provider, that is, the operator of the system, such as Telekom or Web.de, and not by the customer. And the provider decrypts the De-Mails again along the way in order to look into them. The argument: this serves security, because only in this way can it be guaranteed that De-Mails contain no viruses. The virus scanner has to look into the mail.
Neumann, however, said this serves only insecurity. After all, it means there is a central server on which the mails lie around unencrypted, even if only for a short time. This server is guaranteed to be a worthwhile target for any attacker, and is therefore also guaranteed to be attacked. For Neumann, it is only a matter of time until De-Mails are hacked.
In addition, he considers the virus scanner a pretext to justify the state wanting to get at the contents of the mails. "If I intend to infect many computers with a virus, I certainly don't do that with a mail that costs 39 cents and is registered in my name," he said. Virus attacks by criminals are mass attacks that aim to reach millions of computers in the hope of then taking over a few thousand. The De-Mail system is of no interest for such attacks because it is too expensive.
Telekom's De-Mail data center | © Nicolas Armer/dpa