PGP-Exploit EFAIL discovered – mailbox.org Guard appears unaffected though
A research team around Professor Sebastian Schinzel from the University of Applied Sciences in Münster, Germany, has announced that they are going to go public with details about a newly discovered vulnerability in PGP on Tuesday this week. This discovery could cause ripples across the Internet, as many modern communication services depend on the asymmetric encryption technology that PGP provides.
There appears to be a previously unknown bug in the implementation of many PGP software programs. If an attacker manages to manipulate an encrypted message prior to transmission, then the content may get transmitted as plain text. In effect, this vulnerability could compromise worldwide e-mail communication, if exploited.
Update: The results have now been published on https://efail.de and further details are provided in a paper (PDF download).
mailbox.org Guard appears to be unaffected for now
At this point, all the checks we have carried out suggest that the PGP implementation of mailbox.org IS NOT AFFECTED. In none of the tested scenarios were we able to replicate the supposed exploit. Any manipulated messages were reliably identified and caught by the Guard PGP system. As a result, no mail contents were transmitted without encryption, which gives us some confidence that the Guard system is probably not compromised like other implementations.
Update: The information provided in their paper alludes to a problem with Mailvelope that is not really new and not related to any mailbox.org services, but a more fundamental issue with Mailvelope and general web browser behaviour.
Precautionary measures that users can take
Some vendors of affected software were informed in advance about the security problem and have taken countermeasures as a result. Although the team of researchers from Münster advises users to disable PGP entirely, we think updating mail clients and PGP tools to their latest versions is always a good idea. As far as we could determine in our tests, up-to-date versions of Enigmail for Thunderbird appear to have relevant fixes in place already.
While the researchers who reported on the vulnerability are asking users to disable PGP, we think there is little justification for such a drastic measure. Why should users keep using PGP? We think no one should disable encryption out of fear of the vulnerability at this point, as this would mean sending messages in plain text anyway. At the end of the day, Man-in-the-Middleattacks are even more likely if messages are not encrypted at all, whereas the number of users targeted by a specific exploit will likely be limited in comparison.
Based on what we currently know, the only way to keep sensitive data secure is to not send them by e-mail at all – with or without PGP. If alternative secure communication channels are available, then that’s a good option but apart from these, users need to realise that general security against interception of encrypted e-mail is currently compromised.
However, the question remains if the problem is really as dramatic as it has been presented in the research publication and the subsequent media coverage. The research group from Münster has promised to release a list of affected programs and versions.
Our recommendation: Users should reconfigure Thunderbird but leave encryption enabled!
It appears that many current implementations are not affected, and it will usually be sufficient to suppress the use of HTML messages to be on the safe side. Based on what our own team was able to find out, Thunderbird can be secured by
- disabling the display of HTML messages on the receiving end
and
- disabling the automatic fetching of web content (Images, CSS files) in messages
Workaround: Disable HTML in Thunderbird!
As an alternative to disabling PGP-encrypted messages entirely, we think it may be useful to switch to the text-onlydisplay of messages in Mozilla Thunderbird:
Thunderbird: How-to
- Make sure this box is UNTICKED:
Edit → Preferences → Privacy → “Allow remote content in messages” - Select the following from the menu bar:
View → Message Body As → Plain Text
Still, it is obvious that the receiver of a message needs to do the above if the settings are to have any effect, and the sender of an encrypted message won’t necessarily know if this has happened. Note that for a possible exploit to work, it is irrelevant if the message sent was in HTML format or not.
For e-mail professionals: DKIM could help but is not widely available yet
If DKIM and DMARC were widely used by e-mail providers, then this would help in the detection of manipulated messages. This goes to show how important the consistent and widespread use of parallel security measures is for digital communication. For good reason, we at mailbox.org have been using these technologies for some time and make sure all outgoing e-mails are properly signed. However, since DKIM is still not used by all providers, the benefits to communication security are rather modest on the wider scale. Also, the few mail clients that do support DKIM are still having problems with preventing the automatic display of a received message when DKIM records indicate that the message has been manipulated. We hope the newly discovered security vulnerability will motivate more providers to adopt these technologies and work hard to further their distribution.
UPDATE: Questionable practices – misleading headlines – PGP is still secure
Considering the fact that 1) non-secure communication that transmits data as plain text is not a solution, 2) users with increased security requirements can use workarounds to avoid the exploit, and 3) many implementations were fixed some time ago or not affected in the first place, we are wondering why the team of researchers at the University of Applied Sciences in Münster engaged in publicising their results the way they did. Those who demand the wide-spread deactivation of PGP encryption are not doing the users and professionals who are concerned about e-mail security any service. It’s quite the contrary, as the resulting media echo has shown.
We can only assume that the researchers may have had an increased desire for publicity and got carried away a bit in the process. Unfortunately, the result was that national newspapers picked up the story to report that „PGP has been cracked“ and other such nonsense. This is not true. PGP encryption has NOT been compromised and is still secure. While a significant vulnerability lies in the handling of HTML e-mails in some mail clients – this problem has been known for a long time.
In the second part of their paper, the researchers reveal what is potentially a real security vulnerability in PGP – however, they also point out that there isn’t actually any known attack that would enable anyone to exploit this vulnerability. Maybe this would have somehow justified a headline along the lines of „PGP has been cracked“. However, the developers of Gnu PGP and GPG4 Win have issued a joint statement explaining that the attack scenario described in the paper was already known in 1999 and fixed in the subsequent year, so that the described exploit has no longer been possible as of summer 2000. So, all that was reported yesterday was just hypothetical false alarm, based on incomplete research, it appears.
As a result, different media outlets have already started issuing correction statements. However, progress is sluggish. The German daily “Die Zeit” simply amended their article heading to defuse the strong wording previously used but still suggests to their readers that PGP encryption has been compromised somehow. This is quite misleading, as those who are not technically-minded or sufficiently experienced to be able to question the media reporting will not realise that it is not the encryption that is at fault (If anything, it is the particular mail client used). But the story continues to resonate in the media and statements like “People need to trust the recipient” and “No one can be sure that an encrypted message may not be openly published somewhere” are not helping at all. It would be much more important to point out that many users lack proper virus protection and keep working with PCs that have been infected by programs that make it a lot more likely for their data getting stolen. If the media outlets’ motivation was to increase circulation of their product, they might as well have used a headline like „Researchers are saying that computers should not be used“. But we’d rather not give them any ideas…