A group of researchers has exposed a vulnerability in PGP, a popular email encryption standard used by Outlook, Apple Mail, and Thunderbird. Known as EFAIL, the attacks can reveal encrypted emails in plaintext, and also affect the S/MIME standard.
In total, over 20 email clients are affected and there's no reliable fix. The exploits use the victim's own client to decrypt previous messages and return them to the attacker. The proof-of-concept is relatively straightforward and severe, stripping away the protection many rely on. It exploits externally loaded images or styles in HTML emails to steal plaintext via requested URLs.
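The exfiltration channel described above depends on the mail client automatically fetching remote images or stylesheets when it renders the decrypted HTML body. As an added example that is not from the article or the EFAIL researchers, the following Python scanner (a hypothetical helper, with a constructed sample mail body) lists every automatic remote fetch an HTML part would trigger, so a client or gateway can refuse to render it with remote content enabled:

```python
import re
from html.parser import HTMLParser

# Attributes that make a renderer fetch a resource without user interaction.
AUTO_FETCH_ATTRS = {"src", "href", "background", "poster"}
REMOTE_SCHEME = re.compile(r"^\s*(https?:|//)", re.IGNORECASE)
URL_IN_CSS = re.compile(r"url\(\s*['\"]?\s*(https?:|//)", re.IGNORECASE)


class RemoteContentScanner(HTMLParser):
    """Collect (tag, attribute, value) for every remote fetch a body would trigger."""

    def __init__(self):
        super().__init__()
        self.remote_refs = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        for name, value in attrs:
            if value is None:
                continue
            # <a href> is only followed on click, so it is not an automatic fetch.
            if name in AUTO_FETCH_ATTRS and REMOTE_SCHEME.match(value):
                if not (tag == "a" and name == "href"):
                    self.remote_refs.append((tag, name, value))
            elif name == "style" and URL_IN_CSS.search(value):
                self.remote_refs.append((tag, "style", value))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # Text inside <style> blocks can also pull remote resources via url().
        if self._in_style and URL_IN_CSS.search(data):
            self.remote_refs.append(("style", "css", data.strip()))


def find_remote_loads(html_body):
    scanner = RemoteContentScanner()
    scanner.feed(html_body)
    scanner.close()
    return scanner.remote_refs


def has_remote_loads(html_body):
    return len(find_remote_loads(html_body)) > 0


# Constructed sample: one inline (cid:) image, which is safe, plus three remote loads.
SAMPLE_HTML_MAIL = """\
<html><body>
<img src="cid:logo@mail.example">
<img src="https://tracker.example.test/pixel.gif">
<p style="background: url('https://cdn.example.test/bg.png')">Hello</p>
<style>body { background-image: url(https://cdn.example.test/x.png); }</style>
<a href="https://example.test/">link</a>
</body></html>
"""
```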
For now, the Electronic Frontier Foundation is advising users to stop using PGP entirely. Instead, it recommends other secure methods of communication.
“At EFF, we have relied on PGP extensively both internally and to secure much of our external-facing email communications. Because of the severity of the vulnerabilities disclosed today, we are temporarily dialing down our use of PGP for both internal and external email,” said the non-profit.
A Fix Will Take Time
Though clients are rolling out software patches already, a full fix is going to take time. It's possible to fix the exploits that let messages be exfiltrated, but updates take time to reach users. Both the sender and all the receivers must be up to date to protect the email chain, and it's likely this won't be the case for some time.
The scope of the threat is also unclear. It's likely more exploits will be discovered in the coming weeks, and that protections won't fully mitigate the issue. However, other security experts are taking a less panicked approach.
To exploit EFAIL, the attacker needs access to encrypted emails, either by spying on network traffic or hacking accounts, servers, or backup systems.
“If a malicious hacker already has access to your email servers, networks, and such like, there's probably all manner of worse and less convoluted things they could be doing to make your life a misery, steal secrets, and destroy your privacy,” says security advisor Graham Cluley.
He suggests that disabling PGP may put users at greater risk if they don't use a different method of encryption. Whatever the case, the flaw will be a wake-up call to many, and a push towards encrypted messaging services like Signal.