Researchers finally revealed the Historical Email encryption based EFAIL attacks that can be exploited this brand new serious vulnerability that affected PGP & S/MIME end-to-end encryption technologies.
Researchers already released an earlier warning about this highly critical security flaw in PGP & S/MIME keys and they advised to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.
Email Based encrypted medium protected using Transport layer security to perform complete confidential communication such as hostile environments which is mainly used by whistleblowers, journalists etc.
This EFAIL attacks can be used to break this additional encryption layer and anyone getting access to their email communication can also read the victims emails even if they use additional PGP encryption.
Also sometime sophisticated attackers will perform an attack called eavesdrop on email communications to steal the many people’s confidential information that is shared over email.
In this case, OpenPGP offers end-to-end encryption particularly for sensitive communication and S/MIME is an alternative standard for email end-to-end encryption to secure the corporate environment from this powerful attacks.
This EFAIL attacks capable of exploiting this vulnerability that has been discovered in OpenPGP and S/MIME which reveal the encrypted Emails in Plain Text.
Here We can see the Affected clients by this EFAIL Attacks on S/MIME clients, PGP clients and Direct exfiltration attacks.
Initially, Attacker needs to access the encrypted emails that can be achieved by eavesdropping on network Traffic, Email based servers, compromising the Backup system, Email Accounts including the Emails that could have been collected a year ago.
According to Researchers, “In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs.
Later attackers influence the crafted Emails from various attacks and modifying the Emails that will be sent to Victims.
The Victims Email client will start to decrypt the Email and the Email content will be exfiltrated as a Plain text if the victims configured his Email client to read the External Resources.
Attacker sends the modified Encrypted Email as a new multipart email with three body parts to the Victims client.
Now Attack will send this Email to a victim then the Victim Email client will Decrypt the second body and stitches the three body parts together in one HTML email.
Here URL spans over all four lines since image tag in line 1 is closed in line 4.
According to researchers, The email client then URL encodes all non-printable characters (e.g., %20 is a whitespace) and requests an image from that URL. As the path of the URL contains the plaintext of the encrypted email, the victim’s email client sends the plaintext to the attacker.
Based on the Researchers analysis 25 of the 35 tested S/MIME email clients and 10 of the 28 tested OpenPGP email clients are affected.
EFail Attacks flaw has been reported already and two official CVE number has been realised.
CVE-2017-17688: OpenPGP CFB gadget attacks
CVE-2017-17689: S/MIME CBC gadget attacks
Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…
The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…
A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…
Meta has announced the removal of over 2 million accounts connected to malicious activities, including…
Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…
A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…