EFAIL: Main Things to Know About Critical Vulnerability

The Computer Security Expert Group found a critical vulnerability in popular e-mail public key encryption systems – PGP (and its free alternative GPG) and S/MIME. The EFAIL vulnerability can be used to fully decrypt messages, including those sent earlier. Professor Münster University of Applied Sciences Sebastian Schinzel reported on the problem.

EFAIL allows attackers to decrypt messages without owning a private key. Researchers and Electronic Frontier Foundation urged to temporarily stop using e-mail for the confidential information exchange.

Modern email clients can show not only simple letters that do not contain anything except text, but also letters with HTML-layout – in fact, these are separate web pages. The simplest example is a letter with photos attached. And this is actually a feature that potential hackers can exploit. The attacker intercepts the encrypted message and slightly changes the unencrypted part – as if adding a link to the picture that the recipient has to download. In fact, the attacker inserts the entire encrypted part of the message in this link.

The study showed that many clients are vulnerable to EFAIL – Apple Mail, iOS Mail and Mozilla Thunderbird, etc. The mail client first decrypts the secret part, and only then tries to upload the picture. To do this, it sends a request to the server that is controlled by the attacker: but instead of the path to a particular image, the request contains all the decrypted text. It turns out that the attacker receives a secret letter on his server in a decrypted form. There is another version of the attack arranged in approximately the same way, only a reference to the fake image is injected directly into the encrypted part of the letter.