Researchers Find ‘eFail’ Threat to Email Privacy

Vulnerabilities in the popular PGP and S/MIME email encryption standards could expose plaintext versions of messages to attackers.
Matthew HellerMay 15, 2018

Cybersecurity experts in Europe have identified flaws in the popular PGP and S/MIME email encryption standards that could expose plaintext versions of encrypted messages to hackers.

PGP, which stands for Pretty Good Privacy, has protected the privacy of the messages of journalists, whistleblowers, dissidents, and human rights defenders for decades. S/MIME is an alternative standard for email end-to-end encryption that is typically used to secure corporate email communication.

Both standards can be used with popular email applications such as Microsoft Outlook and Apple Mail.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

But in a paper published on Monday, university researchers from Muenster and Bochum in Germany, and Leuven in Belgium, said they had discovered vulnerabilities — dubbed “eFail” — that use the victim’s own email client to decrypt previously acquired messages and return the decrypted content to the attacker without alerting the victim.

“In a nutshell, eFail abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs,” the paper said.

In the U.S., the Electronic Frontier Foundation, which has relied on PGP extensively to secure its own email communications, recommended that users uninstall or disable their PGP email plug-in, citing the severity of the vulnerabilities.

According to Wired, “Researchers have known about the theoretical underpinnings of the eFail attack since the early 2000s, and some implementations of the OpenPGP standard already protect against it.”

The vulnerability gives a hacker the ability to change an encrypted email in a particular way and sends the changed encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.

In tests of 35 S/MIME email clients, the European researchers found that 25 had plaintext exfiltration weaknesses. Of 28 OpenPGP clients they tested, 10 were vulnerable.

Some experts, however, questioned the EFF’s recommendation.

“As the world’s largest encrypted email service based on PGP, we are disappointed that some organizations and publications have contributed to a narrative that suggests PGP is broken or that people should stop using PGP,” a spokesperson for ProtonMail said.