EFAIL, a weakness in OpenPGP and S/MIME
The next named security issue has hit the mainstream press: EFAIL (https://efail.de/). You may be asked some questions about it over the next day or so.
The crux of the issue relates to how OpenPGP and S/MIME are implemented in mail clients that render HTML email. It affects a number of products that implement these standards, including Outlook, Thunderbird and Apple's Mail application, and there are more.
If you do not use OpenPGP or S/MIME encrypted email, take the day off: this issue will not affect you. However, if, like many people, you do use email encryption, it likely will. A number of conditions must be met, though, so the attack is not straightforward.
Let us have a quick look at how encrypting email usually works. Alice and Bob want to exchange an encrypted email and they are both using either OpenPGP or S/MIME email clients.
The private and public keys have been generated, the public keys have been shared and each email client has been set up correctly.
- Alice encrypts the email with Bob’s public key and sends it to Bob.
- Bob opens his email; he'll be asked for a password to unlock his private key so he can decrypt the email.
That is the normal process.
The EFAIL attack takes advantage of a weakness in the specification of how that email is processed. The result is that when an attacker has managed to get hold of an encrypted email from Bob's mailbox, they can craft a new email to Bob, incorporate the "old" encrypted email into the message and send it back to Bob. Bob will decrypt this new message and inadvertently decrypt the old message as well. The attack uses an HTML URL to send the decrypted message to a third-party server.
- Eve gains access to an "old" encrypted email.
- Eve crafts a new email set up to exfiltrate the decrypted content to her server.
- Eve encrypts the email with Bob’s public key and sends it to Bob.
- Bob opens his email; he'll be asked for a password to unlock his private key so he can decrypt the email.
- The data for the “old” email is exfiltrated.
The conditions that have to be met are:
- Have an old encrypted message you want to decrypt, from Bob's mailbox or captured on the wire.
- Craft a new email to be sent to Bob.
- Bob needs to decrypt this crafted message.
- Bob needs to have HTML message format enabled (usually the default).
The tricky bit will likely be getting hold of the encrypted message you want to decrypt, but mailboxes are compromised quite regularly today.
Mitigation options:
- Don't decrypt in the mail client.
- Disable HTML rendering.
- Update your mail client (some vendors have already released updates, or will shortly).
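As an added example (not code from the diary or from the EFAIL authors), the following gateway- or client-side check flags a message that combines an encrypted OpenPGP/S/MIME part with HTML that pulls remote resources, the mix the attack relies on; the sample message, host names and MIME layout are constructed for the test.

```python
"""Added example, not from the original diary: flag messages that combine an
encrypted part with HTML that loads remote resources. Sample data is constructed."""
import re
from email import policy
from email.parser import BytesParser

# MIME types that carry an encrypted payload (RFC 3156 PGP/MIME, RFC 8551 S/MIME).
ENCRYPTED_TYPES = {"multipart/encrypted", "application/pkcs7-mime", "application/x-pkcs7-mime"}
# Any src/href/url() pointing at an http(s) host: the channel used to leak plaintext.
REMOTE_REF = re.compile(r"""(?:src|href|url)\s*[=(]\s*['"]?\s*https?://""", re.I)

def flatten(msg):
    """Yield every node of the MIME tree, containers included."""
    yield msg
    if msg.is_multipart():
        for part in msg.get_payload():
            yield from flatten(part)

def analyse(raw: bytes) -> dict:
    """Count encrypted parts and HTML parts with remote references; flag the mix."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    encrypted = remote_html = 0
    for part in flatten(msg):
        ctype = part.get_content_type()
        if ctype in ENCRYPTED_TYPES:
            encrypted += 1
        elif ctype.startswith("text/"):
            body = part.get_content()
            if "-----BEGIN PGP MESSAGE-----" in body:   # inline (non-MIME) PGP
                encrypted += 1
            if ctype == "text/html" and REMOTE_REF.search(body):
                remote_html += 1
    return {"encrypted_parts": encrypted, "remote_html_parts": remote_html,
            "suspicious": encrypted > 0 and remote_html > 0}

# Constructed test message: a remote image in an HTML part next to an S/MIME part.
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/html; charset=us-ascii

<html><body><img src="http://collector.example.invalid/p.gif"></body></html>
--outer
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"

(placeholder for the captured ciphertext)
--outer--
"""
```

A message that trips the check can be quarantined, or delivered with HTML rendering and remote content disabled, which lines up with the mitigations above.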
EFAIL, a serious risk? Perhaps not for many of us, but it could be used in targeted attacks. Implement the mitigation options that fit your risk profile.
Cheers
Mark H - Shearwater
PS: if you need more detail, their paper is a good read: https://efail.de/efail-attack-paper.pdf