Vulnerabilities have been discovered in PGP and S/MIME that could allow an attacker to read emails encrypted using the standards, with one attack potentially allowing for a message to be decrypted by abusing a flaw in the way Mail for iOS and macOS renders HTML-based messages.
European security researchers have published a warning about the so-called "Efail" attacks, explaining there are two varieties that cause an issue for those using PGP and S/MIME plug-ins to secure their communications in email clients. Vulnerabilities in the OpenPGP and S/MIME standards enable the attacks to occur, which is said to affect emails sent to the victim, including those received months or years ago.
The attacks work by abusing how an email client renders HTML content included in a message, such as by loading externally-hosted images, in an email account the attacker is either capable of accessing or can eavesdrop. The attacker effectively alters one of the acquired encrypted emails, sends it to the victim's account.
When opened and decrypted, the email client accesses the external content, which at the same time send the plaintext sections of the email to the attacker.
The researchers from three European universities write the direct approach can affect "Apple Mail, iOS Mail, and Mozilla Thunderbird," which can be patched to stop the "Direct Exfiltration" method from working. It is unclear if Apple has supplied patches to fix the vulnerability, but it is likely a solution is on the way if it has not yet been deployed.
A second method, termed the "CBC/CFB Gadget Attack," is claimed to affect any standards-confirming email client, and is also patchable. The researchers advise that, in the long term, "it is necessary to update the specification (for OpenPGP and S/MIME) to find and document changes that fix the underlying root cause."
The second method is more involved, requiring the precise modification of plaintext blocks if the attacker knows elements of the message. By changing certain blocks to inject an image tag into the encrypted section, the plaintext message can then get sent to the attacker once the malformed encrypted message is opened by the victim.
To mitigate the attack in the short term, the researchers advise users to disable HTML rendering for incoming messages in email clients. In cases where the email client doesn't decrypt messages, it is advised the best way to open the messages safely would be to use a separate application entirely, as this would prevent the opening of exfiltration channels.
The Electronic Frontier Foundation's advisory also warns users to disable encryption plugins in their clients, including GPGTools for Apple Mail and Enigmail for Thunderbird.
The researchers plan to release full details of the vulnerabilities and the attacks in a paper on Tuesday morning at 3am eastern time. Today's announcement is said by the EFF to be a warning to the "wider PGP user community in advance of its full publication."