In May, a new vulnerability sent rumblings through security mailing lists. The presented attack is called EFAIL and claims to target emails encrypted via S/MIME and PGP. While the flaws described in this finding are serious, there are some details that get glossed over in the general panic.
First of all: while the EFAIL attack is rather simple, it requires the capability to intercept emails. This requirement is rather easy for a state-sponsored actor or an internet service provider (ISP) to fulfil, but it is tough to achieve for an individual attacker.
The attack shows that if an attacker can intercept a message and manipulate its content, the attacker may gain knowledge of the content. However, even then the attack only works if the recipient's email client uses a non-default, though common, security setting. The attacker tricks the client on the receiver's side into decrypting the email and then sending the content to a server of the attacker's choice.
To avoid being affected by EFAIL, adhere to the following guidelines:
- Disable automatic loading of images or external content (do not enable it even for individual senders). Loading external content is disabled by default in most email clients, but many users enable it later.
- Do not expect a colleague to send you emails with external content. Advertisers commonly use external content to track whether an email is read, but that requires their own public servers to provide the content. Colleagues' emails do not contain external content, even when they include images. Always be alert if you receive an email that asks to load external content.
- Be careful when clicking links. With regard to this attack, the rule is: the longer the link, the more suspicious it is, since the plaintext of a message can be sent out inside a link as well. Most email clients display the full address when you hover over a link. Links may be dangerous in general, but in this specific case you are most likely safe if the address shown is short.
- Never open emails from unknown sources.
- If an email does not show its images, click the link labelled "click here to see mail if not shown properly" that almost every advertising company provides. Clicking that link is safer than enabling external content.
- Protect your keys with passphrases. Most clients force users to set one but then offer to store the passphrase in a built-in store. Storing it there is usually unsafe. It is safer to type the passphrase when needed, or to use an external password store that requires confirmation before a password is used.
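As an added example that is not part of the SMESEC post, the following Python check applies the first and third guidelines to an incoming message on the receiving side: it parses the mail, flags any HTML reference a client would fetch automatically (images, stylesheets, frames), and reports links longer than an assumed threshold. The sample messages, host names and the length threshold are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Tag/attribute pairs a mail client fetches without a click once
# "load external content" is enabled; these are the exfiltration channel.
FETCH_ATTRS = {("img", "src"), ("link", "href"), ("iframe", "src"),
               ("script", "src"), ("object", "data")}
LONG_URL = 200  # assumed threshold for the "long link" rule; tune as needed

class _RefCollector(HTMLParser):
    """Collect remote (http/https) references from one HTML part."""
    def __init__(self):
        super().__init__()
        self.fetches = []  # (tag, url): loaded as soon as the mail renders
        self.links = []    # <a href>: loaded only when the user clicks

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            if not url.lower().startswith(("http://", "https://")):
                continue  # cid:/data: references are embedded, not remote
            if (tag, name) in FETCH_ATTRS:
                self.fetches.append((tag, url))
            elif (tag, name) == ("a", "href"):
                self.links.append(url)

def check_message(raw):
    """Report remote fetches and over-long URLs in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    fetches, links = [], []
    for part in msg.walk():  # walk() yields the message itself if not multipart
        if part.get_content_type() == "text/html":
            c = _RefCollector()
            c.feed(part.get_content())
            fetches += c.fetches
            links += c.links
    long_urls = [u for u in links + [u for _, u in fetches] if len(u) > LONG_URL]
    return {"remote_fetches": fetches, "long_urls": long_urls,
            "suspicious": bool(fetches or long_urls)}

# Constructed samples (not real mail): a plain-text note, and an HTML mail
# carrying a remote image whose address is suspiciously long.
PLAIN = (b"From: a@example.invalid\r\nTo: b@example.invalid\r\nSubject: hi\r\n"
         b"\r\nSee you at 10.\r\n")
HTML = (b"From: a@example.invalid\r\nTo: b@example.invalid\r\nSubject: hi\r\n"
        b"Content-Type: text/html; charset=utf-8\r\n\r\n"
        b'<html><body><p>Hello</p><img src="https://tracker.example.invalid/p?q='
        + b"A" * 300 + b'"><a href="https://example.invalid/doc">doc</a></body></html>\r\n')
```

Calling `check_message(HTML)` flags one automatic image fetch and one over-long URL, while `check_message(PLAIN)` reports nothing suspicious.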
These recommendations are not new and are in fact common security practices. That is why all the settings above are the defaults in most email clients. Tooling helps a great deal in reaching a secure state, but this attack is a good example of how users can make good tools fail.
By the way: if you want to stay safe, communicate in plain text instead of HTML or rich-text email. In that format, dangers are not lurking around every corner; you merely lose the ability to format your text in bold or italic and to add HTML elements such as links. On the plus side, it ensures that no one else can slip in HTML and steal your emails...
The SMESEC security team