The magazine "Wired Germany" has discovered a vulnerability in the mobile webmail offerings of Web.de, GMX and 1&1. The problem has since been resolved. "We had not a single indication that the gap has been abused," a spokesman for the provider told the German Press Agency on Tuesday. In any case, it was a rather theoretical scenario.
As "Wired Germany" reported on Tuesday, unauthorized persons would have been able to gain access to users' e-mail accounts under certain conditions. The account owner would have had to click a link in an e-mail from a potential attacker while using the supposedly secure HTTPS protocol. The attacker would then have been able to steal information contained in e-mails.
Potentially 1.7 million accounts could have been affected, wrote "Wired Germany". The 1&1 spokesman disputed this, saying it was more of a "storm in a glass of water". For a real attack, a whole series of conditions would have had to be fulfilled at the same time. The vulnerability has been closed since 14 August.
As "Wired Germany" also writes, the users at risk would have been those who were in an unprotected environment such as an Internet café and had disabled cookies on their mobile device. In addition, the user would have had to actively click on the link.
As an additional condition, an attacker would have had to get past the spam filter, the 1&1 spokesman added. In addition, logging out would have ended the attack immediately. According to internal calculations, statistically fewer than one user of the webmail service could have been affected, he said. "After detailed analysis, we have no indication that this has happened."