Decades-old flaws can leak plaintext of PGP and S/MIME encrypted emails
Two of the most widely used methods for encrypting email – PGP and S/MIME have been found vulnerable to hacks that reveal the plaintext the encrypted messages carry.
Professor Sebastian Schinzel, a professor of computer security at the Munster University of Applied Sciences warns: “there are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now.”
The paper released by Professor Schinzel and his fellow researchers includes a proof-of-concept that can allow an attacker to use the victim’s own email client to decrypt previously received messages and then send this decrypted content to himself without alerting the victim.
As described in the paper, the attacker collects end-to-end emails either through a man-in-the-middle attack on the network or by some other means. Then, he manipulates the ciphertext by using malleability gadgets and sends the manipulated email to one of the original receivers, or the original sender. When the victim opens the email in his client, the manipulated ciphertext will be decrypted along with the rest of the text, thus releasing the exfiltration channel (e.g. A HTML hyperlink) that will send the decrypted plaintext as a whole or in parts to the attacker.
Because of the “straightforward nature of the proof of concept, the severity of these security vulnerabilities, the range of email clients and plugins affected, and the high level of protection that PGP users need and expect”, the Electronic Frontier Foundation is advising PGP users to stop using the tool and use other modes of secure end-to-end communication for now.
Instructions have been posted for Thunderbird, Apple Mail and Outlook on how to temporarily disable PGP plugins while the respective software companies come up with appropriate patches to prevent further damage by what has been dubbed the “Efail” attack by researchers.
You can read the details from the security paper here.