Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Privacy

'EFAIL' Email Encryption Flaw Research Stirs Debate

A newly revealed vulnerability in email encryption is a big problem for a small subset of users.

Two common methods of encrypting email messages are broken and could lead to an attacker seeing every encrypted detail in plain text, according to a group of researchers in Europe. But several security experts meanwhile contend that the flaws don't lie within the S/MIME and OpenPGP protocols but instead in certain email clients.

The research paper, "Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels," was written by eight researchers working at three European universities. In it, they describe a method by which an attacker can intercept an encrypted message, insert simple HTML code, and have returned to them an unencrypted version of the text.

"The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails," write the researchers. And it is in this statement where the disagreements start: "This paper is misnamed. It's not an attack on OpenPGP. It's an attack on broken email clients that ignore GnuPG's warnings and do silly things after being warned," writes the GnuPG and Gpg4Win team in an official response to the paper.

So who's right? "If you look at the analysis, it's the email clients that are named as the vulnerabilities," says Steve Malone, director of product management for messaging security services at Mimecast. "This is a fantastic piece of publicity. It sounds good and tells a great story — huge problem in global email protocols."

The problem is, he says, "It's been presented as a major, major security flaw, but we need to take a step back and take a look from an objective point of view."

The attack works like this: An email client is set to automatically display images sent via HTML mail. Now, you intercept an encoded message and forward the message to the email client with one addition: Open an IMG tag in front of the encrypted piece and don't close it until after the encrypted piece. Here's what the code will look like:

(Image: https://efail.de)

When the image tries to automatically display on the email client, the text is decrypted, and (here's the good part) a request for the image is sent back to the named server with the unencrypted text as part of the request string.

Email or Encryption At Fault?

Malone says that sequence shows that "It's been played up as an earth-shattering security vulnerability, but I'd describe it as an unfortunate series of events." 

The series includes at least one step - adding text to an encrypted message - that, according to the GnuPG team, should generate an error message. And if your email client responds as it should to that error, then there should be no decryption.

"If your email client respects this warning and does the right thing - namely, not showing you the email - then you are completely protected from the Efail attack, as it's just a modern spin on something we started defending against almost twenty years ago," writes Robert J. Hansen, chief author of the GnuPG group response.

That EFAIL is a vulnerability that should not have a major impact on a huge population is the consensus in several tweets today from high-profile security experts, such as Dan Guido:

Others on Twitter have pointed out that an effective exploit of the vulnerability involves phishing as well as traffic capture.

In addition to the PGP attack, there is a very similar vulnerability described for S/MIME as well as a CBC/CFB gadget attack that makes use of similar tactics but is more complicated to pull off. In all of these cases, though, the effect of an exploit of the vulnerability is the same, and the mitigation of the three is identical.

Fixing the Problem

Different organizations and individuals have suggested various ways to mitigate the vulnerability, ranging from turning off HTML mail display to turning off automatic display and decryption, to ripping out PGP and S/MIME altogether. These actions will certainly serve to protect from the vulnerability, but they will also have a severely disruptive impact on the way many organizations and individuals use email in 2018.

At the root of the vulnerability is a set of email clients that either haven't incorporated the latest versions of a standard or mishandle part of that standard's operation. "This is not the first and won't be the last example of problems with legacy components and standards that are very dated," says Malone.

Many enterprise IT teams have either moved away from PGP and S/MIME, or never used them to begin with, so EFAIL is a nonissue for them. Individuals and smaller organizations who depend on these email encryption techniques should take a careful look at the list of affected email clients included in the paper and EFAIL website.

If your organization falls into the slice of the Venn diagram that shows the union of PGP and S/MIME users and those with affected email programs on desktops, then you should definitely take one (or more) of the remediation steps. If not, then @GossiTheDog says it well:

Related Content:

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NeilB915
50%
50%
NeilB915,
User Rank: Moderator
9/13/2018 | 4:16:33 AM
Yahoo Support Number
Earlier i didnt know about what is EFAIL Process in Email but today onwards i know what is it. It is basiaclly a email Encryption Flaw Research Stirs Debate. Thanks for sharing such an informative details with us which is very useful to know. There is also a support Expert team of Yahoo Support Number which is availbale for resolving customer query. You can also contact him, if you are facing any kind of issue related to Email.
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/22/2019
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Kelly Sheridan, Staff Editor, Dark Reading,  8/22/2019
Capital One Breach: What Security Teams Can Do Now
Dr. Richard Gold, Head of Security Engineering at Digital Shadows,  8/23/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15540
PUBLISHED: 2019-08-25
filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.
CVE-2019-15538
PUBLISHED: 2019-08-25
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a ...
CVE-2016-6154
PUBLISHED: 2019-08-23
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
CVE-2019-5594
PUBLISHED: 2019-08-23
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
CVE-2019-6695
PUBLISHED: 2019-08-23
Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods.