Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attention PGP Users: New Vulnerabilities Require You To Take Action Now (eff.org)

Posted by msmash on from the security-woes dept.

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. From a report: EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages. The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific).

In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication. Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email. Further reading: People Are Freaking Out That PGP Is 'Broken' -- But You Shouldn't Be Using It Anyway (Motherboard).

10 of 129 comments (clear)

  1. Re:Holy shit! by Kenja · · Score: 4, Insightful

    Isn't this supposed to be a peer reviewed...

    Yes... which is how we know about the problem and can address it. Open Source isn't magic.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  2. Or any other encryption by jbmartin6 · · Score: 5, Informative

    The problem is the clients decrypt, then process any external requests for content. So if you can re-send an encrypted email with an external content request added to it, the client will happily decrypt then send the content request with your precious decrypted content. If you globally disable fetching any external content you don't have to worry. The encryption protocols all work fine, it is the behavior of the clients after the decryption that is the problem. So S/MIME would be affected too, or potentially any other encryption tool. Refusing to load any external content under any circumstances is good advice anyway.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    1. Re:Or any other encryption by xxxJonBoyxxx · · Score: 5, Informative

      ^^^ THIS ^^^ - PGP and SMIME are still fine. It's that dumb-ass software put secure (decrypted) and non-secure content into the same pot, and let the non-secure content broadcast the secure content out.

      This site has the actual details (and paper): https://efail.de/

      "EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago. The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim's email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker."

  3. Re:Holy shit! by Anonymous Coward · · Score: 5, Informative

    Isn't this supposed to be a peer reviewed protocol that was guaranteed to be secure? How long has this program existed? Holy shit.

    The problem is in how email program plugins handle the mail after it's been decrypted, not in the underlying PGP/SMIME code.

  4. Some advice is worth what you paid for it by ugen · · Score: 5, Informative

    Yes, indeed, some advice there. Because there is some potential for bad actors to possibly decrypt some of the PGP encrypted messages, if said messages include HTML with links to 3rd party sites (which your email client must display automatically), you need to **completely disable** email encryption. Then all of your email becomes clear text and, fully readable by anyone without effort, and thus you are completely safe from that vulnerability. SMH.

    That wonderful advice is brought to you by researchers in no way sponsored by NSA or any other 3 letter agency.

    For those worried - make sure your email client does not automatically display any embedded HTML links (or, better yet, just turn off HTML formatted email). I believe this is the default for Enigmail encrypted email anyway. Use plaintext, and you are as safe as cryptography allows. (I believe Enigmail authors posted a message to that effect).

  5. Re:Weird Advice by Kiliani · · Score: 5, Interesting

    The key word was *automatically* – although it is not always clear in the press what you are supposed to do. So confusion will abound. No surprise there.

    In the end, you can still use PGP, but you have to do more work to be safe. I think, if you understand how to use PGP to begin with, you can probably help yourself for now. If not, well ....

    In your terms: keep your locks. But disable the remote locking feature (take the battery out) and don't use your app to lock your house - use your good old key you stored away in a box a long time ago. Yes, you will have to do actual work. And yes, someone can still break in - probably through the window. Or by kicking in the door ...

    --
    Do your own thing. And overdo it!
  6. Bad HTML Mail Clients by Xoc-S · · Score: 4, Interesting

    I'm no security expert, but allowing HTML mail to arbitrarily download embedded graphics in a mail client is just dumb. From my reading of the articles, doing that doesn't disable the problem, but keeps the information from escaping back to the malicious parties. This is a mail client problem triggering PGP to decrypt, then allowing the information to escape through embedded graphics, not a fundamental problem in PGP itself. Turning off HTML mail support at the client and just taking the text representation of the message looks like it completely defeats the hack. Tell me if I'm wrong.

  7. Problem is in the MUAs, not really in OpenPGP by freax · · Score: 5, Insightful

    From https://lists.gnupg.org/piperm... :

    > 1. This paper is misnamed.
    Indeed
    > 2. This attack targets buggy email clients.
    Exactly
    > 3. The authors made a list of buggy email clients.
    Well said.

    The MUA should not allow *any* utilization of HTTP when rendering a HTML E-mail. Any form of doing that is a serious mistake. Not only because of what is reported here, but also because that way *that* use of HTTP will allow spammers to identify when you open the E-mail. They use that to know if your E-mail adress is still alive.

    Serious MUAs don't do this without user consent. Most HTML components even have a explicit offline mode exactly for that reason. Meaning that they won't automatically go online and fetch things like the src url of an IMG.

    Any MUA that does this without user consent is completely and utterly wrong. Especially in a security sensitive context. This is something most MUA developers know about and if not, should know.

  8. Re:Final straw. Computers are NOT secure. I'm done by Carewolf · · Score: 5, Informative

    PGP is broken now? It's only had fairly infrequent and minor issues over time. If this is broken now, then it's the final sign that anyone who thinks computers can be secured is wrong. If you want something secure, write it down in a notebook. It'll be about 100x more secure than putting it on a computer simply by not being networked. Even if someone steals and reads your notebook it's better than someone having it on their phone (or PGP, now I guess) for the ENTIRE WORLD to come along and steal. Computers are great for games, everything else is debatable.

    PGP is not broken. The way a few bad email clients are using it is broken. If you are not using Thunderbird you are safe with PGP. While S/MIME is comprised in every email client except modern Outlook, KMail, and mutt.

  9. Re:Holy shit! by Carewolf · · Score: 4, Informative

    Isn't this supposed to be a peer reviewed protocol that was guaranteed to be secure? How long has this program existed? Holy shit.

    The problem is in how email program plugins handle the mail after it's been decrypted, not in the underlying PGP/SMIME code.

    And only for HTML emails, and only in Thunderbird, Apple Mail, Postbox and Airmail. So if you are using a better email client especially a non-Mac one you are fine.