Researchers say new 'Efail' security risk undermines encrypted e-mail

Posted May 14, 2018

Security researchers detail a series of flaws in the widely deployed OpenPGP and S/MIME standards that could potentially enable an attacker to decrypt emails.

Whistleblowers, political activists and others who depend on encrypted email could all be compromised by the bug, the researchers said in a blog post. "The attack has a large surface, since for each encrypted email sent to n recipients, there are n + 1 mail clients that are susceptible to our attack", the abstract of the research paper reads.

The Gnu Privacy Guard (GnuPG) team responded to the EFF's warnings by saying the problem lies with how email clients implement OpenPGP, not with the protocol itself.

S/MIME is very similar to PGP except that instead of users defining their own encryption methods and web of trust (how to share their private encryption keys), S/MIME uses predefined encryption standards and public-private keypairs distributed by a trusted authority. Attackers can exploit those errors to hide HTML in messages that includes an external link that routes the plaintext of a message to an attacker, the newspaper reports.

University researchers from Münster and Bochum in Germany, as well as Leuven in Belgium, discovered the flaws in the encryption methods that can be used with popular email applications such as Microsoft Outlook, Apple Mail and Enigmail for Thunderbird, which all offer to decrypt emails on the fly.

'It Worked': Sheriff's Office Touts Fast Response To School Shooting
Meanwhile Antelope Valley Hospital was told several people were dead and as many as 25 students were injured, said Dr. The school remained on lockdown Friday morning as school officials worked to reunite students with their parents.

Professor Schinzel posted on Twitter that the university would publish its findings in the early hours of Tuesday morning, before alerting the Electronic Frontier Foundation (EFF), who first reported the vulnerability. EFF, the world's biggest digital rights group, which has seen the details, says that such a vulnerability is an "immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages".

Koch says the researchers found that HTML can be "used as a back channel to create an oracle for modified encrypted mails".

But it added that correctly used and configured, both forms of encryption remain secure. That's because EFAIL can be stopped by using authenticated encryption; OpenPGP started to support authenticated encryption in 2001. CounterMail, Hushmail and Mailfence all use OpenPGP.

Professor Schinzel is a member of a research team consisting of a long list of respected security researchers, and which has been responsible for uncovering a number of cryptographic vulnerabilities.

"In the most straightforward example of our attacks, the adversary prepares a plaintext email structure that contains an img element, whose URL is not closed with quotes", the researchers wrote.