Researchers have discovered that the service claiming to be the only secure way for sending emails is actually filled with vulnerabilities, flaws, and bugs and that hacking it would be a child’s play for every hacker.
Having an email address carries a lot of risks and can often be more of a problem than it’s worth. Not only do you have a bunch of messages every day that you need to answer to, plus every now and then there’s some sort of disaster that needs to be taken care of, but there’s also a constant risk of being hacked and finding your personal mail posted online.
It’s not a secret that emails are far from the safest way of online communication, but they still are one of the most commonly used, and it’ll remain that way, at least for the time being. In order to deal with this, a new company called Nomx has decided to try and change this, as well as the way we do email, and they’re doing it in a way that “ensures absolute security and privacy”, as their website suggested.
The website has a tagline that says “everything else is insecure”, and the first message you’re bound to see is “DID YOU KNOW THAT EVERY SINGLE MAJOR EMAIL PROVIDER HAS BEEN HACKED?”
The way the website’s designed and the message it sends would make you think that their security is outstanding, but as it turns out, it’s actually worse than many other email companies’.
Their idea is to sell you a $199 device that’ll help you with establishing your personal email server, which would then keep you away from mail exchange, or MX. Which is how they came up with a brand name Nomx. The reason for this is the fact that servers used for mail exchange are vulnerable and generally unsafe, according to the company.
Scott Helme, who works as a security researcher, has decided to see how the device really works, and all he found was a Raspberry Pi that had outdated software and a bunch of bugs. It was so bad, that if anyone who was using it visited any malicious website, a potential hacker would be able to take full control of their device.
Helme claims that Nomx’s app has a flaw that makes it vulnerable to a cross-site request forgery (CSRF). This attack tricks victim’s device into running malware, and all it’s needed is to visit an infected website.
The CEO of Nomx, Will Donaldson, has written a long response in which he dismisses everything that Halme said. On the other hand, Halme has found that many of these denials aren’t true.
Donaldson has stated that he would be “happy to discuss” questions related to this, but instead, he ignored many of them and suggested that Halme tries to prove that the company’s emails were ever hacked, followed by a bunch of statistics and false facts, and he even refused to tell how many users the company even has.
Nobody really understands what the company is trying to achieve, but many have concluded that it’s probably best to leave matters like these in the hands of professionals that companies like Microsoft and Google employ.
