Security Vulnerability in PGP and S/MIME Clients, Part 2

Matti Suominen

Matti Suominen

Head of Product Cybersecurity

May 14, 2018 at 15:08
Originally published at 15:08 EEST on May 14, 2018.
Note that this article discusses current on-going events and some information may have changed since publishing.

Following the previous blog on the topic, information about the attacks that were dubbed EFAIL just came out. The attack has several variants which exploit both issues in specific clients as well as issues with the standards themselves.


In the previous blog, I mentioned that the reason why attacks that use e-mail are dangerous was that anyone can send e-mails to anyone else easily. This means that if you have an attack that requires no knowledge other than the recipient’s e-mail address, you could potentially attack a massive number of people by going through gigantic lists of leaked e-mail addresses.

Additional details are available from the website:

Fortunately, it seems that this attack isn’t as critical as it could be. To carry out this attack, few things are necessary:

  1. The attacker must have access to the encrypted e-mails which you wrote
  2. You must be using an e-mail client which decrypts PGP or S/MIME messages automatically
  3. Your e-mail client must automatically support HTML e-mails

The first one is the big hurdle. You can’t attack random people without first compromising their encrypted e-mails. For example, you could steal their laptop, gain access to their e-mail account or something similar. This would already require a fair bit of effort if you want to target someone. As such, the attack is mainly interesting for situations where you are targeting someone who really wants to protect the confidentiality of those messages and you stand to gain a lot by compromising them. Doing this against an arbitrary person – or a lot of people for that matter – seems infeasible.

To summarize, if you are using S/MIME or PGP in a situation where your e-mails are critical and someone out there is willing to invest money and resources to get to them, you may want to follow the advice given here by disabling automatic decryption (or HTML e-mail support!) until a patch comes out. Otherwise, odds are that unless your e-mail account has been compromised in the past, people won’t start breaking into them just because this issue came up.

Given that the workaround is quite simple to do (either disable HTML e-mails or disable automatic decryption), it’s still worth it to do so until proper fixes come out. Just keep in mind that the attack is best suited for targeted attacks against high-value individuals.

We’ll follow up on the developments of the issue in case something new comes up which requires a different approach. For now, it’s best to pick the most applicable workaround and apply that until patches come out if you are relying on PGP or S/MIME to protect your e-mails.

Related blogs