PGP and S/MIME email decryption program vulnerability announced

[Granular]

A group of security researchers along with the Electronic Frontier Foundation have released a warning about a vulnerability with 'no reliable fixes', which might lead to the plaintext of encrypted emails being revealed.

The researchers and the EFF recommend disabling email client features and extensions which automatically decrypt received emails and to use different encryption schemes until this vulnerability is fixed.

Quote

The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.

Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.

Curiously, the blog doesn't mention other usages of PGP encryption, suggesting that the bug is specific to email clients and their extensions.

 

Edit: This tweet by the GnuPG devs confirms it. The vulnerability lies with email programs, not the encryption standards.

Edit 2: The cat or rather the technical details are out of the bag. The attack, named 'Efail' requires the attacker to lay their hands on an intercepted or previously sent email, which they can attach malicious code to, which can trick email clients into sending the decrypted message to the attacker. Here's a handy chart, which notably lists Thunderbird and Apple's native mail clients among vulnerable ones.

 

Even if the bug isn't too serious ( the researchers say it might  lead to exposure of plaintext of emails), it's still terrible news and might drive people to use less robust encryption. EFF suggests Signal, but I don't understand how it's reasonable to identify users with their phone number when that's something telcos and governments can mess with.

 

EFF source

Researcher tweets

Research whitepaper draft

[Bananasplit_00]

ok so what is PGP encryption? i have never heard any talk about it anywhere before

[Granular]

8 minutes ago, Bananasplit_00 said:

ok so what is PGP encryption? i have never heard any talk about it anywhere before

PGP is a program and  a widely used standard for encrypting and signing email messages, software releases and all kinds of other data with private/public key pairs.

It's most commonly used in the information security world ( Microsoft's security update newsletter is comes with a PGP signature for example), but it's also widely recommended to journalists and other people interested in securing their e-mail communication.

https://en.wikipedia.org/wiki/Pretty_Good_Privacy

[ItsMitch]

ProtonMail seem to refute the claims of "vulnerability" as it's been in the wild for ages now. (They're the best in the business when it comes to privacy and email) 

[colonel_mortis]

5 hours ago, Granular said:

EFF suggests Signal, but I don't understand how it's reasonable to identify users with their phone number when that's something telcos and governments can mess with.

Signal is trust-on-first-contact, so intercepting someone's phone when the first connection is established would allow you to set up a man in the middle. However, once that has happened the public keys are exchanged so it isn't possible to start intercepting later without getting security alerts about the encryption key having changed.

PGP doesn't offer any stronger guarantees than that - you have to exchange the public keys in some out-of-band way before the first connection in order for it to work, and most methods that you could use would be vulnerable to the same government level interception.

[flowalex]

Protonmail released a blog post that goes into more detail about efail 

https://protonmail.com/blog/pgp-vulnerability-efail/

[testarossa47]

Does this affect e-mail attachements as well or just the text?

[captain_to_fire]

On 5/14/2018 at 3:49 PM, Granular said:

I'll wait for a software patch. Nowadays I'm getting used to the idea of anything can be vulnerable to attacks because anything compiled by man will always have weaknesses. 

[DrMacintosh]

As good of a time as ever for Apple to spruce up Mail.app I guess  

[Big Head Tech]

My company is an email security company. We use PGP and SMIME but we encrypt based on policies in our infrastructure (we are cloud based). And our policies do not allow for the recipient to decrypt from the plug-in, mail client or any automated level. It has to decrypt from at least the mail server level or before if using cloud based filtering.

[Granular]

17 hours ago, testarossa47 said:

Does this affect e-mail attachements as well or just the text?

The paper says the attacks can exfiltrate 'the full plaintext', which I gather means that if you have an encrypted email which contains an in-line attachment that's not separately encrypted ( encrypted before attaching it), then that could be obtained by the attacker as well.

[suicidalfranco]

On 14/5/2018 at 9:49 AM, Granular said:

Product Red™️ mail app from Apple. Fighting the good fight at every occasion.