OpenPGP Knowledge Base (Java, C#, VB.NET examples and solutions)
A few days ago in the world of applied cryptography especially S/MIME and PGP emails has appeared a new threat – the EFAIL attack.
In this post we are not going to explain again details of the attack itself as a lot has already been published on the Internet, but rather explain do you have to be concerned using any of the DidiSoft OpenPGP products.
The EFAIL attack in breaf
The EFAIL attack in short consists of allowing the receiver to decrypt the data and send it via HTTP request to the intruder. In the examples published in the source article this is done with an image tag artificial inserted by the intruder and the decrypted data sent as an HTTP request parameter for the image tag location (assumed to be on the intruder’s web host).
The main target of the attack is S/MIME and PGP encrypted email messages.
First approach (image tag)
The first approach they use is by modifying the email and introducing a new body part before the encrypted email body part, which contains an unclosed image tag.
Our proposed Solution
When implementing email rendering do not allow unclosed tags in a MIME section and perform HTML purification independently for each MIME body part.
Second approach (CBC/CFB gadget)
The second technique, named CBC/CFB gadget attack, exploits vulnerabilities in OpenPGP (CVE-2017-17688) and S/MIME (CVE-2017-17689).
From the EFAIL article the reader may conclude that the second vulnerability is something that a 12 year old boy can do at home:
“Given the current state of our research, the CFB gadget attack against PGP only has a success rate of approximately one in three attempts”
The reality tends to be different though. This is still an unconfirmed threat to PGP/MIME emails. The current Security Focus state regarding exploits is “Currently, we are not aware of any working exploits“. PGP/MIME emails with Integrity protection packet cannot be modified as of the time of this writing.
Our proposed Solution
When receiving PGP/MIME emails DidiSoft products will rise exception whether or not integrity protection has been set on the incoming data.
When sending PGP/MIME emails to other entities using DidiSoft products, please ensure that integrity check has been turned on!
The EFAIL attack exploits weaknesses in the implementation of some PGP email clients. The mass press coverage raised uncertainty in organizations relying on PGP encryption, but the attack targets PGP email client implementations and not PGP encryption as a whole.
We also recommend you to read the one page official answer from the core PGP developers.