T 4.37 Lack of reliability of groupware

In many cases, groupware services replace traditional approaches: for example, email replaces conventional communication by mail, and calendars and address books are maintained online. However, it is often overlooked that these services are not sufficiently reliable without additional security safeguards. This applies to the confidentiality, integrity and availability of both the services themselves and the information processed using them.

Failures and loss of messages

The exchange of data via groupware and services such as email is fast and convenient, but not always reliable. Messages are lost on a regular basis due to hardware and software errors in the IT systems involved, or interference in transmission lines. These technical problems may have several causes; for example, cables may be damaged, network switching elements may be defective, or the communication software may be configured incorrectly. Emails may also be lost because the recipient's address was entered incorrectly. The biggest problem in this case is that users are often not informed about failures to deliver email. Mechanisms designed to automatically indicate failures to deliver messages are not completely reliable.

Example:

Lack of authenticity and confidentiality of messages

Groupware services are usually offered without any cryptographic protection in their default settings. This means that unauthorised persons may be able to view the schedules of groups or individual persons using calendar services. This information may be used to prepare different types of attacks in a targeted manner, e.g. burglaries, social engineering, corporate espionage.

With unencrypted emails, all information can be read on every IT system that processes the message on its way through the network. Since the exact route generally cannot be predicted, an email may pass through many different systems.

Information which is not protected with the help of digital signatures may also be modified or deleted on every system involved without the recipient having any way of noticing this. In addition to modifications to the text or possible file attachments of an email, information such as the sending and forwarding data or the sender's address may be modified, see also T 5.73 Impersonation of wrong sender.

Therefore, it is wrong to compare emails to classic letters. Comparing emails to postcards would be more appropriate.
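
Added example (not part of the original catalogue text): a Python check that reconstructs the route of a received message from its Received headers and flags hops whose transfer protocol keyword (as registered in RFC 3848) does not indicate TLS. The sample message, host names and function names are constructed for illustration; because these headers are themselves unsigned, the result is only an indication.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that indicate the hop was transferred over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP = re.compile(r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>\w+)",
                 re.S | re.I)

# Constructed sample message; all host names and addresses are placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.30])
\tby mailstore.recipient.example with LMTP id c3;
\tMon, 1 Jan 2024 10:00:05 +0000
Received: from relay.provider.example (relay.provider.example [192.0.2.20])
\tby mx.recipient.example with ESMTP id b2;
\tMon, 1 Jan 2024 10:00:03 +0000
Received: from client.sender.example (client.sender.example [192.0.2.10])
\tby relay.provider.example with ESMTPSA id a1;
\tMon, 1 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed sample

body
"""

def audit_route(raw):
    """Return the hops in sender-to-recipient order with their protocol keyword."""
    hops = []
    # Each system prepends its header, so the newest hop comes first: reverse.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        proto = m["proto"].upper() if m else None
        hops.append({"src": m["src"] if m else None, "dst": m["dst"] if m else None,
                     "proto": proto, "tls": proto in TLS_PROTOCOLS})
    return hops

def cleartext_hops(raw):
    """Hops with no TLS indication: readable on the wire as well as on the hosts."""
    return [(h["src"], h["dst"]) for h in audit_route(raw) if not h["tls"]]

if __name__ == "__main__":
    # Even a TLS hop only protects the link; every relay listed still sees the
    # plaintext, and the headers are unsigned, so treat the result as a hint.
    for hop in audit_route(SAMPLE):
        print(f"{hop['src']} -> {hop['dst']}: {hop['proto']} tls={hop['tls']}")
```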

Examples: