S/MIME and PGP Email Encryption Flaws Affecting Millions Discovered by EFF

James Marshall
May 14, 2018

The researchers' full findings are scheduled to be released at 7:00 am UTC on Tuesday as part of a co-ordinated public disclosure.

The research paper details multiple approaches for using the vulnerabilities to decrypt S/MIME and OpenPGP encrypted emails.

A group of European security researchers have discovered vulnerabilities that could be exploited to "reveal the plaintext of encrypted emails", including those sent in the distant past, CSO reported. Professor of computer security at Münster Sebastian Schinzel wrote on Twitter that "there are now no reliable fixes for the vulnerability".

They continue that in their model, the attacker is able to collect end-to-end encrypted emails, either through a man-in-the-middle attack on the network, by accessing a SMTP server, by accessing the IMAP account on the server, or by some other means.

Werner Koch, principle author at Gnu Privacy Guard, which is a free implementation of the OpenPGP standard, opened a discussion on the issue in which he said that the attack should not work if authenticated encryption (GnuPG's is called modification detection code, or MDC) is in use, which is the preferred configuration.

"While transport security between mail servers is useful against some attacker scenarios, it does not offer reliable security guarantees regarding confidentiality and authenticity of emails", the researchers state. PGP has been a popularly adopted standard for email encryption.

PGP has always been considered the gold standard for sending secure encrypted emails.

According to a tweet from Schinzel, the vulnerabilities "might reveal the plaintext of encrypted emails, including encrypted emails sent in the past".

Electronic Frontier Foundation (EFF) in a separate blog post recommended users to immediately disable email tools that automatically decrypt PGP-encrypted email. Direct Exfiltration affects Apple's macOS and iOS Mail clients, as well as Mozilla's Thunderbird, enabling an attacker to send an email that automatically decodes and shares a victim's encrypted message content in a reply.

This includes Enigmail for Thunderbird, GPGTools for Apple Mail and Gpg4win for Outlook which all offer to decrypt emails on the fly. This needs to be done in three emails, with the first one opening the HTML tag, the second one containing the encrypted message, and the third closing the HTML tag. Some have criticized the researchers for teasing the vulnerability before publishing their full paper on it, while others have jumped straight to disabling PGP in their email clients.

But while that advice might be easier to implement for anyone who uses and configures their own PGP tools, it fails to address how secure webmail providers might address the flaws.

Other reports by

Recent News Articles

Discuss This Article