A newfound flaw in email clients that use PGP
By injecting malicious snippets of text into encrypted messages, attackers can use the flaw to make the email client exfiltrate decrypted copies of the emails, explained the authors, a team of researchers from three European universities.
Malicious action is triggered as soon as a recipient opens a single crafted email from an attacker, they wrote. The team is comprised of researchers from the Munster University of Applied Sciences and Ruhr University Bochum, both in Germany, and KU Leuven in the Netherlands.
The software defect was found in 23 of 35 S/MIME clients and in 10 of 28 PGP clients tested.
“While it is necessary to change the OpenPGP and S/MIME standards to fix these vulnerabilities, some clients had even more severe implementation flaws allowing straightforward exfiltration of the plaintext,” the researchers wrote.
Client Ignores Bad News
Although the issue is serious, it has more to do with buggy clients at the host than with OpenPGP, Exabeam Chief Security Strategist Stephen Moore he told TechNewsWorld.
Some email clients fail to use the encryption protocol’s native features to stymie the kind of attack described by the researchers, noted Phil Zimmermann, author of PGP and an associate professor at Delft University of Technology in the Netherlands.
“There’s some checking that goes on in PGP. If the email client reacts to the news delivered by PGP that something has been tampered with, then everything will be OK,” he told TechNewsWorld. “But if the client ignores that information, then you get this vulnerability.”
Fixing the flaw in an email client that uses PGP isn’t an onerous task, Zimmermann added.
“I saw someone patch it pretty quickly, within a few hours,” he said.
A patch to address the flaw already has been made for the Thunderbird email client, but not yet for Apple Mail, said Nate Cardozo, a senior staff attorney with the Electronic Frontier Foundation.
“The patch doesn’t close the vulnerability — it just makes it impossible to exploit on a client,” he told TechNewsWorld.
“Emails that are sent from the client are still exploitable,” Cardozo pointed out. “It fixes the receiving end of the vul, but it doesn’t fix the underlying vulnerability in the protocol, which remains.”
When that underlying problem is fixed, it likely won’t be backward-compatible, he added.
Sensitive Info Threatened
Since only a small percentage of email users employ a PGP or S/MIME client, the threat the flaw poses to all users isn’t as severe as it could be, said Alexis Dorais-Joncas, security intelligence team lead at Eset.
“However, it is extremely severe for the vulnerable users and their correspondents, as this threat offers a way for an attacker to access clear-text content of communications meant to be secure,” he told TechNewsWorld.
Of the more than 3 billion email users in the world, only tens of millions use PGP mail, EFF’s Cardozo estimated.
“Those that use it, however, are people like journalists, system administrators and folks that run vulnerability reporting programs at big companies,” he said, “so the type of information that is sent via PGP is usually the most sensitive of sensitive.”
Past Messages Endangered
Adding to the severity of the attack is its ability to access past emails.
“The victim’s mail client can be used as a tool to decrypt old emails that have been sent or received,” Cardozo said. “That’s pretty severe.”
For users concerned about the security of their PGP or S/MIME email clients, Eset’s Dorais-Joncas offered these recommendations:
- Stop using vulnerable email clients to decrypt emails. Use a standalone application.
- Disable HTML rendering and automatic remote content in your email client. This will block the backchannel communication mechanism used by the flaw to exfiltrate cleartext data.
- Look for updates. It is expected that vendors will issue patches to correct some of the flaws exposed by the researchers.