PGP, S/MIME Encrypted Emails Can Be Revealed by Client Vulnerabilities, Researchers Say

Security researchers claim to have discovered a set of vulnerabilities (collectively called Efail) that affect users of certain email clients that utilise PGP (Pretty Good Privacy) and S/MIME (Secure/ Multipurpose Internet Mail Extensions) - two widely used methods for encrypting emails. The security loopholes are claimed to expose the plaintext of encrypted emails to attackers and put even those emails at risk that were sent in the past. Users are advised to stop using tools that decrypt PGP or S/MIME encrypted emails. Researchers say that for now, no reliable fixes are available for the vulnerability.

Sebastian Schinzel, a professor of computer security at Münster University of Applied Sciences, claimed that the latest issues affecting tools that use PGP and S/MIME impact not just new emails but also exposes the encrypted emails sent in the past. "There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now," Schinzel wrote in a tweet.

Schinzel, alongside his fellow security experts at Münster University of Applied Sciences as well as the researchers at Ruhr University Bochum and KKU Leuven, jointly published their research detailing the flaws. "We use CBC/CFB gadgets to inject malicious plaintext snippets into encrypted emails that abuse existing and standard-conforming backchannels, for example, in HTML, CSS, or x509 functionality, to exfiltrate the full plaintext after decryption. The attack works for emails even if they were collected long ago, and is triggered as soon as the recipient decrypts a single maliciously crafted email from the attacker. The attack has a large surface, since for each encrypted email sent to n recipients, there are n + 1 mail clients that are susceptible to our attack," the abstract of the research paper reads.

Electronic Frontier Foundation (EFF) in a separate blog post recommended users to immediately disable email tools that automatically decrypt PGP-encrypted email. "Our advice, which mirrors that of the researchers, is to immediately disable and/ or uninstall tools that automatically decrypt PGP-encrypted email," the EFF team said, adding, users should use alternative end-to-end secure channels, such as Signal, and temporarily stop sending and "especially reading" PGP-encrypted email. Furthermore, separate guides have been provided to disable PGP plugins in Thunderbird, Apple Mail, and Outlook.

Germany's Federal Office for Information Security (BSI) put out a statement saying there were risks that attackers could secure access to emails in plaintext once the recipient had decrypted them.

It added, however, that it considered the encryption standards themselves to be safe if correctly implemented and configured. Werner Koch of GnuPG, a popular provider of GPG encryption, said the vulnerability was not in the encryption protocols, but rather, in the email clients used to decrypt them. Specifically, if they handle MDC (modification detection code) errors correctly, Koch's colleague Robert J. Hansen said, and the above-named clients appear to be some of those that are vulnerable.

The use of PGP for secure communications has been advocated, among others, by Edward Snowden, who blew the whistle on pervasive electronic surveillance at the US National Security Agency before fleeing to Russia.

PGP, for example, works using an algorithm to generate a 'hash', or mathematical summary, of a user's name and other information. This is then encrypted with the sender's private 'key' and decrypted by the receiver using a separate public key.

To exploit the weakness, a hacker would need to have access to an email server or the mailbox of a recipient. In addition the mails would need to be in HTML format and have active links to external content to be vulnerable, the BSI said.

It advised users to disable the use of active content, such as HTML code and the loading of external content, and to secure their email servers against external access.

Written with inputs from Reuters