EFAIL – are encrypted e-mails insecure now?
As the chairman of a German human rights association I'm familiar with how NGOs handle e-mail encryption and how important it is. Of course the research behind EFAIL points out valid vulnerabilities, but encrypted e-mails aren't insecure; you just need to be a little more careful now.
„In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers.“ - Source: https://efail.de/
- Not all e-mail clients load img tags or CSS without user interaction. Check out the paper to see if your client is affected: https://efail.de/efail-attack-paper.pdf
- An attacker needs to have access to the encrypted e-mail he/she wants to decrypt:
  - MITM: Not a single NGO I know uses SMTP servers that allow unencrypted traffic today. An attacker would need to break TLS to get access to the encrypted e-mail. Sure, that's possible, but if somebody is able to intercept and decrypt all your TLS traffic, you're likely pwned already.
  - Compromising or seizing e-mail accounts, servers, backup systems or client computers: Of course somebody could simply compromise your e-mail server or client computer, but he/she would still need to find the right e-mail, because re-sending all your 20k e-mails will be a bit suspicious.
You see, there are a number of requirements; it's certainly not an „encrypted e-mails are insecure now“ case. The worst part of the vulnerability disclosure is the EFF stating:
„Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.“ - Source: https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
You can't simply move the whole communication of an NGO to Signal; that's impossible. A lot of scared NGOs will go back to unencrypted e-mails now. Good work!
Just disable HTML rendering for e-mails or use Allow HTML Temp - https://addons.mozilla.org/en-US/thunderbird/addon/allow-html-temp/. Educate your friends/colleagues about the risks of HTML e-mails to make sure your secret message won't be leaked on their side. It's well known that HTML e-mails are risky; that's not breaking news.
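As an added example (not part of the original post), a small Python check along the lines of the advice above: it flags a message that pairs PGP content with an HTML part that would load remote images or styles, and shows the "plain text only" mitigation. The function names, the sample message and the URLs in it are constructed for this example.

```python
import re
from email import message_from_bytes
from email.policy import default
# Resources an HTML part fetches on render without user interaction: <img src>,
# <link href> and CSS url(...). Only absolute http(s) URLs can reach a remote host.
REMOTE_REF = re.compile(
    r"""(?:src|href)\s*=\s*["']?(https?://[^"'\s>]+)|url\(\s*["']?(https?://[^"')\s]+)""",
    re.IGNORECASE,
)
PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"

def remote_refs(html):
    """Every absolute http(s) URL an HTML body would request when rendered."""
    return [a or b for a, b in REMOTE_REF.findall(html)]

def has_pgp_content(msg):
    """True for PGP/MIME (RFC 3156) structure or inline ASCII-armoured PGP."""
    for part in msg.walk():
        if part.get_content_type() in ("multipart/encrypted", "application/pgp-encrypted"):
            return True
        if part.get_content_maintype() == "text" and PGP_ARMOR in part.get_content():
            return True
    return False

def efail_exposure(raw):
    """Flag a raw RFC 5322 message that pairs PGP content with remote-loading HTML."""
    msg = message_from_bytes(raw, policy=default)
    refs = [u for p in msg.walk() if p.get_content_type() == "text/html"
            for u in remote_refs(p.get_content())]
    pgp = has_pgp_content(msg)
    return {"pgp": pgp, "remote_refs": refs, "needs_attention": pgp and bool(refs)}

def plain_text_only(raw):
    """The 'disable HTML' mitigation: hand the client nothing but text/plain bodies."""
    msg = message_from_bytes(raw, policy=default)
    return [p.get_content() for p in msg.walk() if p.get_content_type() == "text/plain"]

# Constructed sample: remote-image HTML part beside an inline PGP block (placeholder armour, not real ciphertext).
SAMPLE = b"""MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset=utf-8

<html><body><img src="https://remote.example/pixel.png"><p>hi</p></body></html>
--b1
Content-Type: text/plain; charset=utf-8

-----BEGIN PGP MESSAGE-----

CONSTRUCTED-PLACEHOLDER-NOT-REAL-CIPHERTEXT=
-----END PGP MESSAGE-----
--b1--
"""
```

Run `efail_exposure(SAMPLE)` to see the flag raised and `plain_text_only(SAMPLE)` to see what a client with HTML rendering disabled would be handed.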
Nevertheless, as a security researcher I like the elegant way of exploitation; it's a great finding and nice research, but I don't like the way it was communicated.