Efail exploit circumvents PGP and S/MIME email encryption

I ♡ gadgets, games and grammar. One-time American, full-time technologist.

If you rely on encrypted email via PGP or S/MIME, you may want to temporarily switch to a new form of communication, as serious issues have been found with how these standards are implemented in many popular email programs on Windows, Linux, macOS and Android.

Following an initial advisory on Monday, European researchers published an exploit called Efail in a paper titled Breaking S/MIME and OpenPGP Email Encryption Using Exfiltration Channels.

The paper outlines vulnerabilities that allow attackers to leak the plaintext contents of encrypted emails to an attacker-controlled server once the recipient opens an encrypted email into which malicious plaintext snippets have been injected. However, the attack only works if the malicious party already has access to the previously sent encrypted emails, either by taking over an SMTP or IMAP server or by accessing emails saved on a hard drive.

The attack is fairly complex, so to understand it you might find it helpful to watch one of the paper's authors demonstrate the attack on YouTube against Thunderbird and Apple Mail.

In the group's testing, they found exfiltration channels in 23 of 35 S/MIME email clients and 10 of 28 OpenPGP clients. These vulnerabilities have existed in many cases for more than a decade, and in mainstay email applications including Outlook, Thunderbird and Mail.

You can protect yourself against the exploit in several ways. Firstly, the research group was unable to construct an attack that worked against plaintext emails, so switching your client from HTML rendering to plaintext should put you outside the scope of harm. The Electronic Frontier Foundation also provided advice on its website, stating:

"Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email."
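To make the risk described above concrete, here is an added example (not code from the article, the Efail paper or any mail client) that scans a MIME message for the ingredients the attack needs: an encrypted body part sitting alongside HTML that loads remote resources. The sample message, the `attacker.example` host and the placeholder ciphertext are constructed for this illustration; the second sample shows why the plaintext-only mitigation works.

```python
import re
from email import policy
from email.parser import BytesParser

# MIME types that carry an encrypted body (PGP/MIME per RFC 3156, S/MIME enveloped data).
ENCRYPTED_TYPES = {"multipart/encrypted", "application/pgp-encrypted", "application/pkcs7-mime"}
# Attributes that make an HTML renderer fetch a URL, the exfiltration channel Efail uses.
REMOTE_REF = re.compile(r"""(?:src|href|action|background)\s*=\s*["']?\s*https?://""", re.I)

def efail_risk(raw: bytes) -> list:
    """Return findings for one RFC 5322 message; an empty list means nothing suspicious."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    has_encrypted, remote_html = False, 0
    for part in msg.walk():                      # visits containers and leaves alike
        ctype = part.get_content_type()
        if ctype in ENCRYPTED_TYPES:
            has_encrypted = True
        elif ctype == "text/html" and REMOTE_REF.search(part.get_content()):
            remote_html += 1
    if has_encrypted and remote_html:
        return [f"encrypted part mixed with {remote_html} HTML part(s) that load remote resources"]
    return []

# Constructed sample: attacker-supplied HTML placed next to a genuine PGP/MIME part.
SAMPLE_RISKY = b"""MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="o"

--o
Content-Type: text/html; charset=utf-8

<html><body>Hi Bob<img src="http://attacker.example/pixel.png"></body></html>
--o
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="i"

--i
Content-Type: application/pgp-encrypted

Version: 1
--i
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(placeholder ciphertext, not a real message)
-----END PGP MESSAGE-----
--i--
--o--
"""
# The article's mitigation: the same message delivered as plain text renders no HTML at all.
SAMPLE_SAFE = SAMPLE_RISKY.replace(b"text/html", b"text/plain")
```

A mail gateway or client plugin could run `efail_risk` before any automatic decryption and hold flagged messages for review.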

Here is a table of affected clients from the paper linked above:

Some email clients have already begun fixing the issue, with the first patches expected to arrive by the end of the week. Keep an eye out for updates, and be sure that your client is protected before you begin sending and receiving PGP or S/MIME encrypted emails again.

Additional information about the attack and its consequences, including a comprehensive FAQ, can be found at the efail.de website.

Are you worried about the consequences of this exploit? Was your email client affected? Let us know in the comments below.
