Security researchers are warning anyone who uses PGP (Pretty Good Privacy) or S/MIME for email encryption to disable the scheme in their email clients right away, and to uninstall tools that automatically decrypt PGP-encrypted email, due to a security flaw. They’ve discovered a critical vulnerability dubbed EFAIL that could allow an attacker to view the contents of encrypted messages in plaintext, including emails that have been sent in the past.
“There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client now,” Sebastian Schinzel, a professor of computer security at FH Münster, stated in a series of Twitter posts on the topic.
We’ll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4
— Sebastian Schinzel (@seecurity) May 14, 2018
In a follow-up blog post, the researchers explained that this is particularly concerning for people who work in “hostile environments,” such as journalists, political activists, whistleblowers, and others who depend on confidential digital communications. They also warned that nation state agencies are known to eavesdrop on email communications.
“EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago,” the researchers said.
Attackers who exploit the vulnerability are able to modify an encrypted email in a specific way and then send the altered encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thereby allowing the attacker to view the message.
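The client-side behaviour the attack depends on is a mail client fetching remote images or styles after decryption. As an added illustration, not code from the article or from the EFAIL researchers, the following Python scanner walks an HTML part and lists every reference a renderer would resolve over the network, so a client (or a mail-filtering hook) can refuse to auto-render such a part. The function names `find_remote_content` and `safe_to_render`, the attribute table, and the sample HTML are all constructed for this example.

```python
"""
Added example (not part of the original article or the EFAIL research):
find the remote-content references in an HTML email body so that a client can
block them before rendering. The sample HTML at the bottom is constructed.
"""
from html.parser import HTMLParser
import re

# Tag/attribute pairs a renderer resolves by making a network request.
FETCH_ATTRS = {
    "img": ("src", "srcset"),
    "link": ("href",),
    "iframe": ("src",),
    "frame": ("src",),
    "object": ("data",),
    "embed": ("src",),
    "video": ("src", "poster"),
    "audio": ("src",),
    "source": ("src", "srcset"),
}
# A reference is remote if it uses a network scheme or is protocol-relative.
# cid: and data: references stay inside the message and are not flagged.
REMOTE_RE = re.compile(r"^\s*(https?:|ftp:|//)", re.IGNORECASE)
# url(...) inside CSS, whether in a <style> block or a style="" attribute.
CSS_URL_RE = re.compile(r"url\(\s*['\"]?\s*((?:https?:|ftp:|//)[^'\")]*)",
                        re.IGNORECASE)


class RemoteContentScanner(HTMLParser):
    """Collects every remote reference a renderer would fetch for this HTML."""

    def __init__(self):
        super().__init__()
        self.findings = []      # (location, url) tuples
        self._in_style = False  # True while inside a <style> block

    def handle_starttag(self, tag, attrs):
        tag = tag.lower()
        attrs = {k.lower(): (v or "") for k, v in attrs}
        for name in FETCH_ATTRS.get(tag, ()):
            # srcset may list several candidates: "url1 1x, url2 2x"
            for candidate in attrs.get(name, "").split(","):
                parts = candidate.split()
                url = parts[0] if parts else ""
                if REMOTE_RE.match(url):
                    self.findings.append((f"<{tag} {name}>", url))
        if "style" in attrs:
            for m in CSS_URL_RE.finditer(attrs["style"]):
                self.findings.append((f"<{tag} style=>", m.group(1)))
        if tag == "style":
            self._in_style = True

    def handle_endtag(self, tag):
        if tag.lower() == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            for m in CSS_URL_RE.finditer(data):
                self.findings.append(("<style> block", m.group(1)))


def find_remote_content(html):
    """Return the list of (location, url) remote references in an HTML body."""
    scanner = RemoteContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def safe_to_render(html):
    """Policy: an HTML part with any remote reference is not auto-rendered."""
    return not find_remote_content(html)


# Constructed sample: one inline (cid:) image, which is fine, plus a remote
# image, a remote stylesheet and two CSS url() references, all of which a
# remote-content-blocking client must not fetch.
SAMPLE_HTML = """<html><head>
<style>body { background: url("https://assets.example.invalid/bg2.png"); }</style>
</head><body>
<img src="cid:logo@example.invalid">
<img src="https://tracker.example.invalid/pixel.gif">
<link rel="stylesheet" href="//cdn.example.invalid/mail.css">
<p style="background: url('https://assets.example.invalid/bg.png')">Hello</p>
</body></html>"""

if __name__ == "__main__":
    for where, url in find_remote_content(SAMPLE_HTML):
        print(f"remote reference at {where}: {url}")
    print("safe to render:", safe_to_render(SAMPLE_HTML))
```

On the sample the scanner reports the tracking pixel, the stylesheet and both CSS backgrounds while leaving the `cid:` image alone, and `safe_to_render` returns `False`. The policy is deliberately coarse: a client that blocks all remote loads for decrypted content, rather than trying to distinguish benign from hostile URLs, is the behaviour that removes the exfiltration channel the article describes.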
Disabling PGP and S/MIME is seen as a conservative stopgap until proper mitigation can be applied more broadly.