Vulnerability found in email encryption technique
14 May 2018
Researchers have found a vulnerability in the most common techniques for email encryption: PGP and S/MIME. This announcement was published under the name EFAIL. You can continue to use S/MIME for encrypted email, but it is advisable to adjust a number of settings in your email software and to update as soon as possible.
What does the vulnerability mean?
The published information shows that by intercepting an encrypted email message, and subsequently sending an HTML email to the recipient in which this encrypted message is included, the encrypted content of that message is visible in plain text.
What is email encryption?
Digital signing and encryption of email prevents third parties from intercepting, reading and altering email. For the recipient, a signed and encrypted email guarantees that the message is unaltered and originates from the actual sender. If the recipient has a certificate as well, you can send encrypted email that can only be read by the recipient with their certificate. S/MIME uses digital (commercial) certificates for this purpose. PGP is a widely used open source alternative. Both techniques use public and private keys based on asymmetric cryptography: the sender encrypts an email message with the recipient's publicly available key, and the recipient can then decrypt and read the message with the corresponding private key.
What is the impact of this vulnerability?
Various institutions, such as the EFF (Electronic Frontier Foundation), advise to completely disable PGP for email encryption to prevent the risk of abuse. However, this would mean that email is sent completely unencrypted, rather than encrypting and possibly intercepting and cracking the email. As such, in our opinion, completely disabling PGP or S/MIME is less safe. The impact of the vulnerability also depends on the email client used: Apple Mail (macOS), Mail app (iOS), Thunderbird (Windows, macOS, Linux), Postbox (Windows) and MailMate (macOS) are the most susceptible because these clients, among other things, automatically show images.
What can I do?
There is currently no concrete solution available. However, the impact of the discovered leak is minimal, because an attacker first has to intercept an encrypted email. Until a patch becomes available, you can limit the risk by using a more safe mail client, or by changing settings:
- Among others, EFAIL misuses email clients’ active content capabilities. By switching off the HTML view in your email client, the risk of abuse is significantly limited;
- The vulnerability arises when an email message is automatically decrypted by your email client. If you deactivate automatic decryption, so that decryption is executed by a separate application, you are not vulnerable. To do this, remove the private keys for your certificates from your email client.
Does EFAIL affect other products?
Only S/MIME email certificates for signing and encryption are affected. Public and private keys are also used for SSL certificates and digital signatures for software and PDF signing, but the S/MIME technique is nog. As such, these vulnerabilities have no consequences for these certificates.
Do you have any questions or do you need help? Please contact our support department at 088-775 775 1 or at firstname.lastname@example.org