Ahead of a full release of details on May 15, European researchers and the EFF are providing an early warning that messages encrypted with PGP/GPG and S/MIME are exposed to a set of serious security vulnerabilities affecting over 20 email clients. As there are “currently no reliable fixes for the vulnerability,” the researchers are advising users to immediately disable the encryption within individual email clients and, for now, use other methods to send their sensitive data.
While the exploits are quite technical in nature, they fall into two categories: “Direct Exfiltration” and a “CBC/CFB Gadget Attack.” Direct Exfiltration affects Apple’s macOS and iOS Mail clients, as well as Mozilla’s Thunderbird, enabling an attacker to send an email that automatically decrypts a victim’s encrypted message content and shares it in a reply. Researchers believe a simple patch will be able to address this issue, though it is presently quite easy to exploit.
By comparison, the Gadget Attack affects a much wider variety of mail clients, including Microsoft’s Outlook, but its effectiveness varies depending on whether it is used against PGP or S/MIME encryption. Against PGP it apparently succeeds in only about one attempt in three, but against S/MIME a single email can crack up to 500 messages at once. While the researchers say each mail client vendor can come up with individual mitigations, they suggest that the underlying specifications for OpenPGP and S/MIME will need to be fixed over the long term.
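The article names CBC and CFB, the block-cipher modes used by S/MIME and OpenPGP, and notes that the specifications themselves need a long-term fix. The reason a mode-level fix is needed is that these modes provide confidentiality only: a ciphertext that has been altered still decrypts without any error, so integrity has to be added on top. The following is an added, self-contained illustration written for this page, not code from the article or from the researchers. It builds CBC mode over a toy Feistel permutation (a stand-in for AES, chosen only so the example runs on a bare Python install) and contrasts plain CBC, which silently accepts a modified ciphertext, with an encrypt-then-MAC wrapper that rejects it. The key, IV and message values are constructed for the demonstration.

```python
import hashlib
import hmac

BLOCK = 16          # 16-byte blocks, as with AES
TAG_LEN = 32        # HMAC-SHA256 tag length


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Round function of the toy cipher: keyed SHA-256 truncated to 8 bytes.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network: an invertible keyed permutation of 16-byte blocks.
    # It is a stand-in for a real block cipher (assumption), not a secure cipher.
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Textbook CBC: each plaintext block is XORed with the previous ciphertext block.
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a multiple of the block size")
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # Note there is no check at all: any input of the right length "decrypts".
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def seal(enc_key: bytes, mac_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: the tag covers IV and ciphertext, so any change is detectable.
    ct = cbc_encrypt(enc_key, iv, plaintext)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    iv, ct, tag = blob[:BLOCK], blob[BLOCK:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext rejected: integrity check failed")
    return cbc_decrypt(enc_key, iv, ct)


# Constructed demonstration values.
ENC_KEY = b"k" * 16
MAC_KEY = b"m" * 16
IV = b"\x00" * 16
MESSAGE = b"Meet at the usual place at 9pm.."   # exactly 32 bytes, two blocks


def tamper_undetected_without_mac() -> bool:
    """Plain CBC: flip one bit of the first ciphertext block and decrypt.

    Decryption raises nothing; the recipient gets a changed plaintext
    (first block garbled, the matching bit of the second block flipped)
    with no signal that anything happened. Returns True when the altered
    ciphertext was accepted and yielded a different message.
    """
    ct = bytearray(cbc_encrypt(ENC_KEY, IV, MESSAGE))
    ct[0] ^= 0x01
    recovered = cbc_decrypt(ENC_KEY, IV, bytes(ct))
    return recovered != MESSAGE


def tamper_rejected_with_mac() -> bool:
    """Same one-bit change against the MAC-protected blob: it is rejected."""
    blob = bytearray(seal(ENC_KEY, MAC_KEY, IV, MESSAGE))
    blob[BLOCK] ^= 0x01          # first byte of the ciphertext, after the IV
    try:
        open_sealed(ENC_KEY, MAC_KEY, bytes(blob))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("plain CBC accepted modified ciphertext:", tamper_undetected_without_mac())
    print("encrypt-then-MAC rejected it:          ", tamper_rejected_with_mac())
```

The point for a defender is the shape of the fix rather than the toy cipher: a client that decrypts and then renders a message before any integrity check has run will act on attacker-modified data, whereas a construction that verifies a tag first (encrypt-then-MAC here; an AEAD mode such as AES-GCM in practice) refuses the message outright. This is the kind of change to the underlying format that the researchers describe as the long-term remedy.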
For the time being, the EFF urges users of mail clients to follow these guides to temporarily disable PGP and S/MIME email encryption, as doing so will prevent attackers from using the exploits to decrypt and gain access to private emails:
Additional information is expected to be published tomorrow at 12:00 a.m. Pacific. Modern mail clients will likely begin to receive individual patches to address the vulnerability over the next few days.
Updated May 24 at 5:38 a.m. Pacific: Members of the PGP team have pushed back on the claims that PGP itself is broken or vulnerable, issuing statements that while the listed apps have issues, PGP is fine.
“EFF recommended that users disable PGP plugins or stop using PGP altogether,” the PGP team said in a statement. “This is akin to saying, ‘Some locks can be broken; therefore we must remove all doors.’ This is particularly dangerous because it can put at risk individuals who rely on PGP encryption for security.” PGP’s recommendations include updating to the latest PGP version, and ensuring “everyone you communicate with” is using an unaffected PGP implementation.