Startup discovers email vulnerability that could impact up to a billion Internet users

WEST LAFAYETTE, Ind.  – Spotlight Cybersecurity LLC, a Purdue-affiliated startup, has discovered a vulnerability in email account protocol that could impact up to a billion Internet users worldwide.

Spotlight Cybersecurity co-founder and chief technology officer Robert Morton, a Purdue doctoral candidate in information security in the Center for Education and Research in Information Assurance and Security, or CERIAS, publicly released his findings on Tuesday, April 18, at CERIAS 2017. CERIAS is comprised of components from several Purdue departments—and is one of the largest cybersecurity research and education centers in the world.

Morton named the vulnerability “Ring-Road.” Visit Ring-Road for more information.

“We’re in discussions with international email service providers right now about this vulnerability,” Morton said. The discussions center on the scope of the vulnerability and the extent to which Ring-Road affects other products and services.

Morton discovered the vulnerability as part of a Purdue class project involving security research. Through Spotlight Cybersecurity, Morton developed an exploit that demonstrates how hackers could use the identified vulnerability to determine the number of characters being used in passwords for individual users’ email accounts. “If I know the number of characters being used, it’s much easier to hack into an email account,” Morton said.

 “We are providing one major email service provider with an example of how someone could tangibly use this to hack into hundreds of millions of accounts,” Morton said. “That garnered enough support for them to start an investigation.” 

“Ring-Road demonstrates that users shouldn’t rely solely on vendors to protect their information,” noted co-founder and CEO Jacob W. Crisp. “That’s why we launched Spotlight Cybersecurity to provide users with a simple and effective platform to protect their information, anytime, anywhere. With our proprietary technology, users can track files in real-time, monitor file events and most importantly, remotely wipe sensitive information across all devices and storage locations.”

Spotlight Cybersecurity received assistance from Purdue Foundry, an entrepreneurship and commercialization accelerator located in Discovery Park’s Burton D. Morgan Center for Entrepreneurship. “Purdue Foundry has been very helpful in the creation of our company,” Crisp said. “They certainly helped us identify the kinds of things venture capitalists look for when considering investing in a startup.”

About Spotlight Cybersecurity LLC

Spotlight Cybersecurity LLC is a cybersecurity startup that focuses on file intelligence and file security.  Spotlight’s team has over two decades of experience in government cybersecurity policy, analysis, and operations, and private sector information technology consulting and management. The company’s patent pending technology provides the first ever advanced persistent defense platform in the world.   For more information about Spotlight Cybersecurity and the company’s products and services, click here.

About Purdue Foundry

The Purdue Foundry is an entrepreneurship and commercialization accelerator in Discovery Park's Burton D. Morgan Center for Entrepreneurship whose professionals help Purdue innovators create startups. Managed by the Purdue Research Foundation, the Purdue Foundry was named a top recipient at the 2016 Innovation and Economic Prosperity Universities Designation and Awards Program by the Association of Public and Land-grant Universities for its work in entrepreneurship. For more information about funding and investment opportunities in startups based on a Purdue innovation, contact the Purdue Foundry at foundry@prf.org.

Writer: Curt Slyder, 765-588-3342, caslyder@prf.org

Sources: Robert Morton, mortonr@purdue.edu

Jacob Crisp, jake@spotcyber.com