Security Bits Logo

Security Bits – Efail, 4th Amendment, Glitch & ThrowHammer, Black Dot & Text-Bomb

Security Medium — The Efail Email Encryption Vulnerability

The latest bug with a cool name and a cute logo is Efail, a mashup of the words email and fail. The bug affects encrypted email sent with both of the common email encryption protocols S/MIME & PGP/GPG.

Under certain circumstances, the bug allows an attacker to trick email clients into sending a copy of the decrypted versions of encrypted emails to a server of their choice. The bug is triggered in the client, so it affects every email opened by the client, regardless of when it was sent, so this bug could allow an attacker to read encrypted emails arbitrarily far back in time.

The bottom line is that this bug only affects people who use S/MIME or PGP/GPG to send encrypted email, and that even then, it’s not an easy bug to exploit. An attackers needs to find a way of intercepting encrypted emails, altering them, and then getting them into the recipient’s mailbox so their client can open them. This bug does not affect the use of S/MIME for digitally signing emails.

As well as this bug not affecting many people, there are also simply mitigations those affected users can take to protect themselves until their email clients get patched — affected users should un-install any third-party plugins they are using for encryption (this mainly affects GPG/PGP users since S/MIME generally has native support in mail clients), disable HTML email, and disable the loading of remote resources. Or, better yet, delete all encrypted emails from your mailbox and switch to an end-to-end encrypted messaging app like Signal rather than trying to secure an utterly insecure system like email.

If you’re curious as to the cause of these bugs, they are two-fold:

The most obvious surface problem here is with the very concept of HTML email — by its very nature HTML relies on the loading of remote resources to load content like images and even JavaScript code. This has always been a privacy problem, and has resulted in many security vulnerabilities over the years. HTML email is just not a good idea from either a privacy or a security point of view. In this regard Efail is nothing new, it just confirms what we already knew — email is too old to secure properly, and that goes double for HTML email.

At a deeper more fundamental level the real problem is with the design of S/MIME and PGP/GPG. Both are old protocols, and we’ve learned a lot since they were codified literally decades ago. We now know that for encryption to be secure there must be a mechanism for validating that the encrypted version of the message was not altered in transit. In other words, all encryption algorithms should provide authentication as well as encryption, and these older protocols simply don’t. These attacks rely on altering the encrypted message and then getting the client to decrypt that booby-trapped version of the original encrypted message. If these protocols supported message authentication clients would detect that the encrypted file had been altered in transit and never even tried to decrypt it, hence utterly neutering the threat.

So, ideally two things will happen. Firstly, and hopefully quickly, mail clients will get updates to protect against this specific attack vector. Secondly, the S/MIME & PGP/GPG email encryption standards will get updated bring them into line with modern best practices. The former seems very likely, the latter however, not so much. I think encrypted email is simply dead, replaced by modern end-to-end encrypted messaging apps.

Links

Notable Security Updates

Notable News

  • 🇺🇸 A US appeals court has ruled that suspicion-less searches of electronic devices at the US border is unconstitutional — www.eff.org/…
  • Row Hammer Attacks get more potent (Editorial by Bart — this is to be expected, as Bruce Schneier would say ‘Attacks always get better; they never get worse’. But don’t panic, it’s not time to set your hair on fire just yet! These new variants are proofs-of-concept that only work under carefully controlled conditions, so they don’t post a real-world threat … for now at least).
    • Security researchers announce Glitch, a new RowHammer variant that works over the web on old versions of Android under carefully controlled situations — nakedsecurity.sophos.com/…
    • Security researchers announce ThrowHammer, a new RowHammer variant that uses direct memory access by network cards to remotely execute a RowHammer attack. The attack can be triggered using JavaScript on a web page. ATM this is just a proof-of-concept the only works under carefully controlled conditions — arstechnica.com/…
  • 🇺🇸 The FTC has reached a settlement with budget Android phone maker Blu over their egregious privacy violations — they will implement proper security and privacy, and be audited by an outside party for 20 years, but there will be no fine — nakedsecurity.sophos.com/…
  • WhatApp and other messaging apps on Android and iOS hit by so-called text-bomb — a message containing hidden unicode characters that crashes the app. The WhatsApp bug seems to be the same thing being reported as the black dot bug in Messages. Some reporting has completely over-hyped the problem, saying it ‘destroys phones’, it doesn’t, it’s just an annoyance, and you can easily recover from it — nakedsecurity.sophos.com/… & www.macobserver.com/…
  • Google updates its privacy notices and settings to better explain what it does with your data, and to give you more control — www.imore.com/… & 9to5mac.com/…
  • Google are updating their contract with Android OEMs so it becomes a condition of their license that they provide ‘regular’ security updates. The announcement did not give details — nakedsecurity.sophos.com/…
  • An investigation by The New Scientist has found another Facebook app that was fraudulently hoovering up personal data, this time it’s myPersonality, and it collected data on 3M users over 4 years — nakedsecurity.sophos.com/…
  • 🇺🇸 The EFF have given their backing to bi-partisan legislation that would outlaw forced back-doors — www.macobserver.com/…
  • The US Senate has voted to restore Net Neutrality, but it’s unlikely to result in the actual restoration of net neutrality. The US House of Representatives would also have to pass the bill, which seems very unlikely, and then President Trump would have to sign it, which also seems unlikely — www.imore.com/… & www.macobserver.com/…
  • Twitter announced that they have updated their algorithms so that users engaged in negative behaviours will have their tweets pushed down lower in people’s streams — www.imore.com/…
  • Security researchers have found a common programming bug (which they’ve named ZipperDown) that they estimate affects about one in every ten apps in the iOS app store, and many Android apps too. Details are sparse as the researchers are keeping the details to themselves until developers have had time to fix their apps. On un-jail-broken devices the app sandbox does successfully contain the exploit, so as things stand, the danger to end-users is small — nakedsecurity.sophos.com/…

Suggested Reading

1 thought on “Security Bits – Efail, 4th Amendment, Glitch & ThrowHammer, Black Dot & Text-Bomb

  1. Donald Burr - May 22, 2018

    There’s one part of the so-called “Efail” vulnerability that baffles me. Or maybe I am misunderstanding something more fundamental? I thought one of the big selling points of SMIME, PGP, etc. is that they also include Digital Signature, meaning that a message is cryptographically checksummed and signed, and so you could tell if it was authentic and undamaged. So if someone were to intercept an encrypted message and insert the Efail attack code, would that not cause the AOOGA-AOOGA alarms to sound?

Leave a Reply

Your email address will not be published.

Scroll to top