EFAIL - Encryption Vulnerability in OpenPGP and S/MIME


Security researchers discovered a vulnerability in the end-to-end encryption technologies OpenPGP and S/MIME that leaks the plain text of encrypted emails. The vulnerability has been named "EFAIL", and it affects specific types of email that use the OpenPGP and S/MIME encryption protocols.

The vulnerability is actually several years old but has been found to be exploited in new ways, especially by powerful nation-state agencies known to eavesdrop on email communications.

The EFAIL Exploit in Action

The exploit abuses HTML content in emails: for example, loading external images or styles leaks plain text through the requested URLs. To create these leaky channels, the attacker first needs access to the encrypted emails. Access can be obtained by eavesdropping on network traffic or by compromising email accounts, email servers, backup systems or client computers. The emails may even have been collected in the past.

The attacker then changes the emails in a particular way and sends the changed encrypted email to the victim. The victim's email client decrypts the email and loads external content, leaking plain text to the attacker.
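
As an added example (not code from the EFAIL researchers or from Mailprotector), the following Python check lists every remote resource that an HTML message body would cause a client to request when rendered, which is the channel described above. The names `RemoteRefFinder` and `remote_refs` are hypothetical, and the sample body and its hosts are constructed.

```python
import re
from html.parser import HTMLParser

# Attributes a mail client may fetch automatically while rendering.
FETCH_ATTRS = {"src", "background", "poster"}
REMOTE = re.compile(r"\s*(?:https?:)?//", re.I)  # http, https, protocol-relative
CSS_URL = re.compile(r"""url\(\s*['"]?([^'")]+)|@import\s+['"]([^'"]+)""", re.I)

# Constructed sample body; every host is a placeholder.
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://static.example.net/mail.css">
<style>body { background: url('http://img.example.net/bg.png') }</style>
</head><body>
<img src="cid:logo@local">
<img src="https://tracker.example.net/open.gif">
<p style="background-image:url(//cdn.example.net/p.png)">Hello</p></body></html>"""

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []          # (location, url) pairs in document order
        self._in_style = False

    def _css(self, where, css):
        for m in CSS_URL.finditer(css):
            url = (m.group(1) or m.group(2)).strip()
            if REMOTE.match(url):
                self.refs.append((where, url))

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            fetch = name in FETCH_ATTRS or (tag, name) == ("link", "href")
            if name == "style":          # inline CSS can also trigger a request
                self._css(f"{tag}[style]", value or "")
            elif fetch and REMOTE.match(value or ""):
                self.refs.append((f"{tag}[{name}]", value.strip()))

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:               # contents of a <style> block
            self._css("style", data)

def remote_refs(html):
    """Return (location, url) for each remote fetch the body would trigger."""
    finder = RemoteRefFinder()
    finder.feed(html)
    return finder.refs
```

The check covers only the attributes and CSS forms listed in the code. Any result for a decrypted message is a reason to keep remote content loading disabled in the mail client.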

For detailed specifics on the exploit and how to mitigate the risks if you or your clients have OpenPGP or S/MIME encryption in use, visit the EFAIL website covering the vulnerability.

Relationship to Mailprotector

Mailprotector's Bracket email encryption is a proprietary email encryption solution that does not use OpenPGP or S/MIME. Bracket is not vulnerable to EFAIL attacks.

Mailprotector transports email communications through TLS encrypted connections. Eavesdropping on this type of connection is nearly impossible to do with today's generally available computer processing power.

Encrypted email messages stored on Bracket's servers are encrypted with a proprietary solution with a distributed key infrastructure that makes access to the data nearly impossible without compromising a user's email account and impersonating their digital identity. If a user has been compromised to that extent, most security measures fail.

Partner Mitigation Recommendations

Mailprotector encourages you to learn about the vulnerability from the EFAIL research website.

Clients that may have or still use OpenPGP or S/MIME encryption, particularly with email clients such as Apple Mail, iOS Mail, and Mozilla Thunderbird, should be checked for the vulnerability. These email clients were found to be an easier target for the direct exfiltration of plain text from encrypted emails.

Business clients more commonly use Microsoft Outlook. Clients not on Outlook 2013 or later should strongly consider upgrading to the latest version. The S/MIME exploit does not require user interaction on Outlook 2007 and 2010. The exfiltration channel does require user interaction on Outlook 2013 and 2016, which mitigates the exploit somewhat.

If your clients are using an OpenPGP or S/MIME encryption solution, it may be in their best interest to consider an alternative such as Bracket.
