New research by European cybersecurity experts has revealed several serious vulnerabilities in Pretty Good Privacy (PGP), an email encryption application available on a number of operating systems, including Windows, Mac OS and Android. PGP is one of the most popular email encryption methods for both private users and organisations.
The paper includes a proof-of-concept exploit, which allows an attacker to use the victim’s own email client to decrypt messages and return the decrypted content to the attacker, all without the victim knowing. Researchers warn that this proof-of-concept is only one implementation of this new type of attack and variants are likely to follow.
Methods of Attack
The first attack method is called a “direct exfiltration,” and it exploits how mail clients render HTML for the user. The attacker crafts a new message that embeds one of the victim’s previously captured encrypted messages, structured so that the mail software decrypts it and displays the entire decrypted message as unencrypted plain text inside the attacker’s HTML.
Once that happens, the client’s HTML parser immediately sends the decrypted text to a server that the attacker controls, giving them complete access to content never meant for their eyes. Researchers say the direct exfiltration EFAIL attacks work against both PGP-encrypted and S/MIME-encrypted emails.
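A triage check for the message shape described above, added here as an example and not a tool from the researchers or the EFF: it flags mail in which an encrypted PGP/MIME or S/MIME part shares a multipart/mixed container with sender-supplied HTML, which is the precondition for a client that renders parts together to decrypt the ciphertext into the attacker’s HTML context. The ciphertext blob and both sample messages are constructed placeholders.

```python
from email import message_from_string
from email.message import Message
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed placeholder standing in for a captured ciphertext; not a real PGP message.
FAKE_CIPHERTEXT = b"-----BEGIN PGP MESSAGE-----\n...\n-----END PGP MESSAGE-----\n"

def pgp_mime_part(ciphertext: bytes) -> Message:
    """Wrap a blob in the RFC 3156 multipart/encrypted structure PGP/MIME uses."""
    enc = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    enc.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted"))
    enc.attach(MIMEApplication(ciphertext, "octet-stream"))
    return enc

def is_encrypted_part(part: Message) -> bool:
    """PGP/MIME (multipart/encrypted) or S/MIME (application/pkcs7-mime) container."""
    ctype = part.get_content_type()
    if ctype == "multipart/encrypted":
        return part.get_param("protocol") == "application/pgp-encrypted"
    return ctype == "application/pkcs7-mime"

def html_wraps_ciphertext(raw: str) -> bool:
    """True if any multipart/mixed container holds both HTML and an encrypted part."""
    msg = message_from_string(raw)
    for container in msg.walk():
        if container.get_content_type() != "multipart/mixed":
            continue
        members = [p for p in container.walk() if p is not container]
        has_html = any(p.get_content_type() == "text/html" for p in members)
        has_ciphertext = any(is_encrypted_part(p) for p in members)
        if has_html and has_ciphertext:
            return True
    return False

def benign_message() -> str:
    """Ordinary PGP/MIME mail: the encrypted part is the entire body."""
    msg = pgp_mime_part(FAKE_CIPHERTEXT)
    msg["Subject"] = "Constructed sample"
    return msg.as_string()

def suspicious_message() -> str:
    """Sender-controlled HTML and a replayed ciphertext in one multipart/mixed body."""
    outer = MIMEMultipart("mixed")
    outer["Subject"] = "Constructed sample"
    outer.attach(MIMEText("<html><body><p>hello</p></body></html>", "html"))
    outer.attach(pgp_mime_part(FAKE_CIPHERTEXT))
    return outer.as_string()
```

The check is structural only, so a legitimately forwarded encrypted attachment beside an HTML body is flagged too; treating such mail as suspect is consistent with the researchers’ advice to stop rendering HTML around decrypted content.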
The paper also describes a second attack, which it says abuses weaknesses in the OpenPGP and S/MIME specifications themselves to exfiltrate the plaintext. This second component of the attack, which the researchers call a CBC/CFB gadget attack, lets attackers send crafted data blocks that fool the email client into sending the decrypted message to the attacker’s server.
The Electronic Frontier Foundation has released a statement advising users to “arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.”
The EFF has also offered a series of guides on how to temporarily disable PGP plug-ins. Until detailed information can be released to the public, however, EFF says all measures are temporary and stopgap. On its website, EFF stated:
“These steps are intended as a temporary, conservative stopgap until the immediate risk of the exploit has passed and been mitigated against by the wider community.
“We will release more detailed explanation and analysis when more information is publicly available.”
The researchers have said that users of PGP email can disable HTML rendering in their mail programs to protect themselves from attacks based on the vulnerabilities detailed in the paper. Additionally, they suggest decrypting emails with standalone PGP decryption tools that are separate from the email programme.
This is an issue of serious concern within the security community; however, Federico Charosky, Managing Director at Quorum Cyber, believes that restraint is needed. For attackers to be effective they require a high level of access, something Federico says is “not trivial to achieve”.
He said: “They need to be able to intercept the encrypted messages before they have a chance to decrypt the original content, and also rely on the email client you use (Outlook, Apple Mail, etc.). So again, not all messages are affected by this, nor every user that uses email encryption.”
The issue that needs to be addressed in the wake of this research is the overall vulnerability of email. Federico says, “email was not designed to be a secure protocol, and our attempts to retrofit security to it have not always been successful.”
Federico noted, however, that “encryption is still very much the recommended approach and should be actively pursued as a strategy” and that this vulnerability should not dissuade users from using encryption applications.