A team of European researchers has shown the PGP and S/MIME encryption used to protect many email systems can be broken by exploiting backchannels in email clients to get access to the plaintext version of the original ciphertexts.
Researcher Sebastian Schinzel headed a team from University of Applied Sciences Münster detailed the attack, labeled EFAIL, in a paper released today. The vulnerability centers on using ciphertext in a malicious manner. Essentially, the flaw allows an attacker to intercept, possibly through a man in the middle attack, and reassemble ciphertext from the victim into a specially-crafted ciphertext which would then exploit the backchannel in the email clients, the report stated. The researchers consider a backchannel to be any functionality that interacts with the network.
“To decrypt the emails, he first manipulates their ciphertext by using appropriate malleability gadgets. In order to make these manipulations work, he may make informed guesses about the operating system, the email client and the encryption software the victim uses,” the report stated.
The clients vulnerable to such an attack. include several versions of Outlook, Apple Mail and Thunderbird.
Among many potential issues, such access would allow would be to give an attacker to access a password reset email allowing the threat actor to gain control over that account.
The Electronic Frontier Foundation (EFF) quickly issued a warning to the PGP user community Monday before the report came out, advising users to “immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted mail.”
“Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal and temporarily stop sending and especially reading PGP-encrypted email,” the EFF wrote in a blog post, noting that the organization along with the European researchers were warning PGP users in advance in an effort “to reduce the short-term risk.”
“These steps are intended as a temporary, conservative stopgap until the immediate risk of the exploit has passed and been mitigated against by the wider community,” the EFF blog said. “We will release more detailed explanation and analysis when more information is publicly available.”
Calling #efail issue “clearly overhyped producing subpar user advice,” Joel Wallenstrom, Wickr CEO and data privacy expert, called the issue “very symptomatic of a larger trend impacting communication security.”
Noting that “PGP and other protocols used to run email rely on the server to manage keys and store content,” Wallenstrom, stressed “that users tend to never delete old emails, no matter how sensitive” so that anyone that has a user's “PGP keys has access to your entire email spool (not just one message), making it practically impossible to protect communications.”
The burden rests at least partially “on users to not only ensure proper configuration but also a timely disposal of communications that are no longer needed so they cannot be compromised,” he said. “These unrealistic expectations will always lead to poor security.”