Experts Warn New Bugs Could Expose PGP Emails

Experts Warn New Bugs Could Expose PGP Emails


"The best way to prevent EFAIL attacks is to only decrypt S/MIME or PGP emails in a separate application outside of your email client". It was developed by RSA Data Security and is now built into most modern email software.

PGP (Pretty Good Privacy) is a data encryption method sometimes added to programs that send and receive email.

German researchers have warned those using a popular form of email encryption that serious flaws mean their messages could be decoded by attackers.

Schinzel and his team's research has been corroborated by Electronic Frontier Foundation (EFF), and has been described in detail by the researchers in a paper published earlier today.

They've discovered a critical vulnerability dubbed EFAIL that could allow an attacker to view the contents of encrypted messages in plaintext, including emails that have been sent in the past.

"EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. This creates a single encrypted body part that exfiltrates its own plaintext when the user opens the attacker email". These security flaws could essentially reveal encrypted emails in plaintext even if they were sent in the past.

Researchers were careful to state Monday that an attacker has to already have access to a person's email account in order for the exploit to work. "There is a real attack that can be exploited by people that allows them to decrypt a lot of encrypted email".

Enigmail's Robert Hansen tweeted that "GnuPG has given warnings on missing/malformed [authentication encryption] for years".

The second vulnerability partially incorporates the first, and relies on an attacker being able to guess parts of the encrypted communication, which is generally possible due to the nature of the protocol involved.

Some have been arguing that EFAIL isn't a problem for OpenPGP as long as the implementations are done correctly (in addition to the aforementioned authenticated encryption, this includes not using HTML emails, which thwarts the problem). The EFF echoed Schnizel's instruction, and advised those affected to use Signal - a free end-to-end encryption software that's compatible with both Android and iOS devices - until the issue has been rectified.

His colleague Robert Hansen said on Twitter that the issue had been known about for some time. Start by removing your S/MIME and PGP private keys from your email client...

The research team that uncovered the flaw claimed the only way to fully protect against EFAIL, right now, is to stop handling PGP and S/MIME decryption in the mail client, and fully patching it will require updates to the encryption standards themselves.

  • Terrell Bush