Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors
Black Hat Asia 2025 · Day 1 · Briefings
This talk, "Inbox Invasion: Exploiting MIME Ambiguities to Evade Email Attachment Detectors," presented by Jang of Tsinghua University, examines a structural flaw in how email security systems process messages. The research demonstrates a class of **protocol-level evasion techniques** that manipulate the MIME structure of a message rather than the attachment payload itself. The underlying problem is a parser differential: an email security gateway and an end-user client can parse the same message bytes into different structures, so the gateway inspects one view of the attachments while the client renders another. Instead of relying on traditional malware obfuscation, the work exploits these parsing discrepancies between gateways and clients, so that a payload the gateway never sees as an attachment still reaches the inbox undetected.
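The following is an added, constructed illustration of the parser-differential class described above; it is not code from the talk and the duplicate-`boundary` case it uses is a hypothetical example of a MIME ambiguity, not one of the talk's specific vectors. Two minimal MIME parsers differ only in one policy, whether the first or the last occurrence of a repeated header parameter wins. Fed the same constructed message, the "first wins" parser (standing in for a gateway) sees a text body plus a harmless `notes.txt`, while the "last wins" parser (standing in for a client) sees only `invoice.exe`. The `BLOCKED_EXTENSIONS` list, the message contents and the filenames are all assumptions. A final function shows the check a gateway would want: flag any message whose headers carry a repeated parameter, rather than silently choosing one reading.

```python
import re

# Constructed sample (not from the talk): the top-level Content-Type carries two
# "boundary" parameters. "First wins" sees a text body plus notes.txt; "last wins"
# sees only invoice.exe. The attachment body is a harmless placeholder string.
RAW_MESSAGE = (
    'Content-Type: multipart/mixed; boundary="outer"; boundary="inner"\r\n'
    "\r\n"
    "--outer\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "Please find the report attached.\r\n"
    "--outer\r\n"
    'Content-Type: text/plain; name="notes.txt"\r\n'
    'Content-Disposition: attachment; filename="notes.txt"\r\n'
    "\r\n"
    "--inner\r\n"
    'Content-Type: application/octet-stream; name="invoice.exe"\r\n'
    'Content-Disposition: attachment; filename="invoice.exe"\r\n'
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n"
    "bm90IGEgcmVhbCBiaW5hcnk=\r\n"
    "--inner--\r\n"
    "--outer--\r\n"
)
_PARAM_RE = re.compile(r';\s*([^=;\s]+)\s*=\s*(?:"([^"]*)"|([^;\s]*))')
BLOCKED_EXTENSIONS = {"exe", "scr", "js", "vbs"}  # hypothetical gateway blocklist

def parse_headers(block):
    """(lowercased name, value) pairs; folded continuation lines are joined."""
    headers = []
    for line in block.split("\r\n"):
        if line and line[0] in " \t" and headers:
            headers[-1] = (headers[-1][0], headers[-1][1] + " " + line.strip())
        elif line:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), value.strip()))
    return headers

def header(headers, name):
    return next((v for k, v in headers if k == name), None)

def params(value):
    """All ';'-separated parameters of a header value, in order, duplicates kept."""
    return [(m.group(1).lower(), m.group(2) if m.group(2) is not None else m.group(3))
            for m in _PARAM_RE.finditer(value)]

def pick(pairs, name, policy):
    """Resolve a repeated parameter: policy 'first' or 'last' decides which wins."""
    values = [v for k, v in pairs if k == name]
    return None if not values else (values[0] if policy == "first" else values[-1])

def split_message(raw):
    head, _, body = raw.partition("\r\n\r\n")
    return parse_headers(head), body

def split_multipart(body, boundary):
    """Raw parts between --boundary lines, stopping at --boundary--."""
    delim, parts, current, in_part = "--" + boundary, [], [], False
    for line in body.split("\r\n"):
        if line in (delim, delim + "--"):
            if in_part:
                parts.append("\r\n".join(current))
            if line != delim:
                break
            current, in_part = [], True
        elif in_part:
            current.append(line)
    return parts

def list_attachments(raw, policy):
    """Attachment filenames as seen by a parser applying `policy` to repeats."""
    headers, body = split_message(raw)
    ctype = header(headers, "content-type") or "text/plain"
    if not ctype.split(";")[0].strip().lower().startswith("multipart/"):
        return []
    names = []
    for part in split_multipart(body, pick(params(ctype), "boundary", policy)):
        part_headers, _ = split_message(part)
        disp = header(part_headers, "content-disposition") or ""
        if disp.split(";")[0].strip().lower() == "attachment":
            names.append(pick(params(disp), "filename", policy))
    return names

def scanner_verdict(raw, policy):
    """Filenames an extension-blocklist gateway flags under the given policy."""
    return [n for n in list_attachments(raw, policy)
            if n and n.rsplit(".", 1)[-1].lower() in BLOCKED_EXTENSIONS]

def find_duplicate_params(raw):
    """Mitigation check: (header, parameter) pairs given more than once, at top
    level or inside any part reachable under any candidate boundary."""
    headers, body = split_message(raw)
    blocks = [headers] + [split_message(p)[0]
                          for k, b in params(header(headers, "content-type") or "")
                          if k == "boundary" for p in split_multipart(body, b)]
    dups = set()
    for block in blocks:
        for name, value in block:
            keys = [k for k, _ in params(value)]
            dups.update((name, k) for k in keys if keys.count(k) > 1)
    return sorted(dups)
```

Calling `list_attachments(RAW_MESSAGE, "first")` returns `["notes.txt"]` and `scanner_verdict(RAW_MESSAGE, "first")` returns nothing to block, while `list_attachments(RAW_MESSAGE, "last")` returns `["invoice.exe"]`: the gateway reading and the client reading of one message disagree, and the blocklist fires only in the reading the gateway never takes. `find_duplicate_params(RAW_MESSAGE)` returns `[("content-type", "boundary")]`, which is the signal a gateway should act on; the defensible policy is to reject or canonicalize messages with repeated structural parameters, or to scan every candidate interpretation, rather than to pick one and hope the client picks the same.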
AI review
Jang's 'Inbox Invasion' isn't just another talk; it's a fundamental indictment of email security. By systematically exposing how MIME ambiguities allow malicious attachments to bypass every major email detector and client combination, this research uncovers a critical, overlooked attack surface. The development of MyMiner, the identification of 19 novel attack vectors, and the live demo of WannaCry bypassing Gmail are not just impressive – they're a wake-up call that redefines the threat model for email, proving that protocol-level flaws are as dangerous as any zero-day.