Attackers could reveal the plaintext of encrypted emails

May 14, 2018 11:02 GMT  ·  By

Security researchers have discovered a major security vulnerability in PGP/GPG and S/MIME email encryption software that could be used by malicious actors to access not only the plaintext of encrypted emails, but also content sent in the past.

Professor of computer security Sebastian Schinzel warned of this vulnerability on Twitter, recommending anyone using these encryption systems to disable them entirely and switch to alternative solutions for sending encrypted data, including messaging platforms like Signal.

A whitepaper describing the bug was originally scheduled to be published on Tuesday, but more details started making the rounds early on Monday. As a result, the team of researchers decided to publish an in-depth analysis today, along with a website called EFAIL, a name that security experts also use to describe the vulnerability.

“The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs,” researchers explain.

“To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago.”
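The channel the researchers describe is an ordinary remote load (an image, a stylesheet) that the mail client performs when it renders an HTML body. As an added defensive illustration, not code from the researchers, the EFF or any mail client, the scanner below enumerates the remote loads a body would trigger so that a client or gateway can refuse to auto-render it; the sample body, host names and the `safe_to_render` policy are constructed for this example.

```python
"""Enumerate remote-content loads in an HTML mail part (added illustration)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag attributes that cause a network fetch when an HTML mail body is rendered.
FETCH_ATTRS = {"img": ("src",), "link": ("href",), "script": ("src",),
               "iframe": ("src",), "object": ("data",), "video": ("src", "poster")}
# url(...) references inside CSS, both <style> blocks and style="" attributes.
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")]+)", re.IGNORECASE)


class RemoteRefFinder(HTMLParser):
    """Collects every URL the client would fetch while rendering the body."""
    def __init__(self):
        super().__init__()
        self.refs = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in FETCH_ATTRS.get(tag, ()):
            if attrs.get(name):
                self.refs.append((tag, attrs[name]))
        if "style" in attrs:  # inline style="background:url(...)"
            self.refs += [("style-attr", u) for u in CSS_URL.findall(attrs["style"])]
        self._in_style = tag == "style"  # <style> content arrives via handle_data

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.refs += [("style", u) for u in CSS_URL.findall(data)]


def remote_refs(html):
    """Return (tag, url) pairs whose URL points at an external server."""
    p = RemoteRefFinder()
    p.feed(html)
    p.close()
    return [(t, u) for t, u in p.refs
            if urlsplit(u.strip()).scheme.lower() in ("http", "https", "ftp")]


def safe_to_render(html):
    """Constructed policy: only auto-render bodies that load nothing remotely."""
    return not remote_refs(html)


# Constructed sample: one remote image, one remote CSS background, one inline cid: part.
SAMPLE = ('<html><body><p>Quarterly report attached.</p>'
          '<img src="https://cdn.example.net/logo.png">'
          '<style>body{background:url("http://tracker.example.net/p.gif")}</style>'
          '<img src="cid:inline-part-1"></body></html>')
```

The `cid:` reference is an attachment fetch inside the message itself and is therefore not reported; only the two external loads are, and `safe_to_render(SAMPLE)` is False.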

Standards need to be updated

The Electronic Frontier Foundation has published a blog post to warn about the flaw, explaining that email encryption plugins in the most popular clients are exposed, including Thunderbird with Enigmail, Apple Mail with GPGTools, and Outlook with Gpg4win.

“Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email,” EFF says, adding that users should only return to the previous configuration when patches are available. “These steps are intended as a temporary, conservative stopgap until the immediate risk of the exploit has passed and been mitigated against by the wider community.”

Researchers note that OpenPGP and S/MIME standards need to be updated to be secure against EFAIL attacks, but emphasize that this “will take some time.”