The most popular secure email program Pretty Good Privacy (PGP) is in hot waters as researchers at a German university allegedly found vulnerabilities in the secure email program that could possibly enable one to break into the system and read encrypted emails.
PGP is widely used across the world as a secure way of sending emails and used especially by journalists, human rights defenders or businesses for confidential communication.
However, the revelation by researcher Sebastian Schinzel, at Munster University of Applied Sciences has sent shockwaves. Initially, the researcher only revealed that vulnerabilities were found in PGP that could allow one to read encrypted emails. He also stated that since there was no fix of the vulnerability, people should disable it altogether.
The panic mode was turned on when a reputable organization Electronic Frontier Foundation said that they confirmed that the vulnerability was present and called for disabling PGP. They also listed a series of steps to disable the encrypted email system. In its blogpost, EFF said:
“EFF has been in communication with the research team and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages. In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication. Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.”
Initially, the researcher said that findings of the paper will be shared on May 15, only to later publish the paper on the website.
However, a digital security expert named Furhan Hussain talking to this scribe said that the matter was blown out of proportion and should not have been sensationalized in this manner. He said that there were definitely problems in the security feature of the secure email program but was not likely to affect users at mass level.
“Firstly, the researchers did not talk to the GPG and Enigmail. The issue is with email clients not with PGP itself. In any case, the PGP protocol will be upgraded in the long term. Also the vulnerability will not hit those people that were sending emails using PGP using plain text. HTML is vulnerable medium for sending emails and it was never advisable. Those sending emails using HTML using all the rich text could be affected by this vulnerability. But it is important to mention here that this vulnerability was not a mass exploit. It was targeted. You need the cipher text of that person who you want to exploit. The person willing to exploit the person has to inject into that email to exploit it otherwise it would not be possible for him to exploit the vulnerability. Also, the paper is out and after reading it, we have found out that this matter is not the end of the world. In fact, there is a defense built into the PGP system. When this defense is not used, then the vulnerability comes into play.”
Meanwhile the researcher Sebastian insisted on his twitter profile that they contacted the developers of the secure email.
We did contact them. Werner from gnupg simply forgot. See his other posts.
— Sebastian Schinzel (@seecurity) May 14, 2018
The issue has been trending on twitter under #Efail. Some of the views on this matter are listed below:
Certain conditions have to be met.
1.) Attacker needs you’re ciphertext
2.) HTML has to be enabled. (2/x) #efail— hakan (@hatr) May 14, 2018
#efail tl;dr: nothing to worry about if you’re up to date. The advice given by journalists not to use PGP is *wrong*. It’s better than non encrypted e-mails. Do use PGP if you need too. Just keep your mail client updated! https://t.co/b97AW2OP2R
— x0rz (@x0rz) May 14, 2018
As expected: #efail is a bit nasty but not as critical as it has first been claimed. Pushing incomplete information to cause panic seems to be the new game in it-security. This is something we really should talk about. https://t.co/zR7wbB9K3j
— Falk Garbsch (@Nexus511) May 14, 2018
I understand that it is advisable to disable PGP extensions at this time, but it would be really cool to know where the root cause of the problem lies. Is this an issue with how PGP is implemented, or has PGP been cracked? #efail
— Zack✌ (@nvemb3r) May 14, 2018
Long thread. If you want to know the high-level details of the Efail attack, read. Yes, it was embargoed; yes, we were respecting the embargo; but links to the paper are now easy to get, so… here goes. 1/
— Robert J. Hansen (@robertjhansen) May 14, 2018
This is at its heart a malleability attack on OpenPGP’s cipher feedback mode. These attacks aren’t new. The IETF OpenPGP Working Group first knew about them in 1999. By September 2000, GnuPG had a defense. 2/
— Robert J. Hansen (@robertjhansen) May 14, 2018
The defense is called a Modification Detection Code, or MDC. Originally MDCs were optional. Today they’re the default. The Efail attack requires an MDC either be missing or be invalid. 3/
— Robert J. Hansen (@robertjhansen) May 14, 2018
You *can* manipulate a message with MDC into being one without MDC. The Efail authors are right there. So let’s see what happens when GnuPG sees a message without an MDC. pic.twitter.com/BP0q4JZLQG
— Robert J. Hansen (@robertjhansen) May 14, 2018
As you can see in the last line, you get a very clear message. “WARNING: Message was not integrity protected.”
After that, it’s up to your email client to do the right thing. 5/
— Robert J. Hansen (@robertjhansen) May 14, 2018
Your email client should refuse to render the message. If it ignores the warning or does the wrong thing in response to it, then yes, the Efail attack is very real. So it’s really more fair to say this is an attack on poorly-written clients, not OpenPGP. 6/
— Robert J. Hansen (@robertjhansen) May 14, 2018
The OpenPGP spec does technically allow for non-MDCed messages. It has to for backwards compatibility reasons. But no modern OpenPGP client should silently ignore missing/malformed MDCs. No modern email client should ignore the OpenPGP client’s warnings. 7/
— Robert J. Hansen (@robertjhansen) May 14, 2018
GnuPG has given warnings on missing/malformed MDCs for years. And although the Efail authors did find some problems in Enigmail — for which we’re deeply sorry, and plead that we’re only human — we fixed them months ago. 8/
— Robert J. Hansen (@robertjhansen) May 14, 2018
If you’re using a recent GnuPG and Enigmail 2.0 or later, you should be fine. If you’re not, consider this an object lesson in the importance of upgrading your security-critical software. 9/
— Robert J. Hansen (@robertjhansen) May 14, 2018
Saying that the issue isnt with pgp and is just with how everyone is using it is a fairly hollow way to mitigate concern. If literally no one knew this was a problem, I’m sure plenty of users will be vulnerable. #pgp #efail
— david thomas (@daveX64) May 14, 2018
Efail is a prime example of irresponsible disclosure. There is no responsibility in hyping the story to @EFF and mainstream media and getting an irresponsible recommendation published (disable PGP), ignoring the fact that many (Enigmail, etc) are already patched.
— ProtonMail (@ProtonMail) May 14, 2018
Talal Raza is a Program Manager at Media Matters for Democracy. He has worked with renowned media organizations and NGOs including Geo News, The Nation, United States Institute of Peace and Privacy International.
