Critical flaw found in email encryption tools

Adjust Comment Print

Teams from KU Leuven University and Ruhr University have worked alongside FH Munster and the Electronic Freedom Foundation (EFF) is working with them to get the word out. The researchers further elaborated the attack methods in documentation (PDF) on EFAIL released Monday.

Attackers need to send emails as specially crafted HTML messages that contain the code required to exfiltrate decoded text from vulnerable programs.

S/MIME is relatively commonplace in enterprise email networks, making this vulnerability particularly concerning. It means that the attacker would first have to break into an e-mail server, take over an e-mail account, intercept traffic as it crossed the Internet, or have access to a hard drive storing a previously sent e-mail.

When the person opens the email on their local client, it will attempt to fetch the URL to load the image.

A modified encrypted email sent by the attacker to the victim is decrypted by their email client. If it's not, GnuPG returns an alert. In addition, "use authenticated encryption".

It also said users should switch for the time being to non-e-mail-based secure messaging apps such as Signal for sensitive communications. Against PGP, it apparently works only once per three attempts, but against S/MIME, a single email can crack up to 500 messages at once.

In the future, patches should prevent this PGP flaw from being exploited. "It seems to not be easily reproducible in all cases".

A website explaining the issue has also now been made public.

Security researchers are warning that a serious flaw has been discovered in PGP, which for years has been considered the best encryption technology available for email. It is recommended to disable PGP plugins in your email client of choice until there is more information about the vulnerability and a fix is being determined for the issue. "The reason is that PGP compresses the plaintext before encrypting it, which complicates guessing known plaintext bytes".

Sebastian Schinzel, lead of the IT security lab at the Münster University of Applied Sciences, said the paper would be published ahead of a scheduled date later this week after the embargo was broken.

The EFF, which in its alert published specific ways to disable it in specific clients, echoed the assessment. Their advice for mitigating the vulnerability's impact is to stop encrypting or decrypting emails directly in affected email clients and to disable HTML rendering.

The research team that uncovered the flaw claimed the only way to fully protect against EFAIL, right now, is to stop handling PGP and S/MIME decryption in the mail client, and fully patching it will require updates to the encryption standards themselves.