The Potential Perils of OpenPGP
About a year ago, I wrote this post on PGP. I showed you the basics of how PGP works, what software uses it, and how it is used to protect your emails and your files. I also told you that the official PGP software was owned by Symantec; software intended for the average person used an open source version called OpenPGP. As I said in my original post:
PGP may seem complicated at first, but once you get the hang of it you’ll realize it’s not so hard after all. The peace of mind is worth it in the end.
Little did I know what was coming next. In May and June of 2018, two major vulnerabilities in OpenPGP were made public. The possibility of an attack occurring isn’t the same thing as the probability of an attack occurring. But if you’re relying on OpenPGP for your safety, you can’t afford to take chances. I’m going to tell you what they are, and how you can fix them.
What is Efail?
Efail was discovered by researchers from Münster University of Applied Sciences, Ruhr University Bochum, and NXP Semiconductors. This is their website, which also contains a link to the original paper in case you’d like to read it for yourself. It’s actually two different problems:
Direct Exfiltration
Direct exfiltration exploits HTML encoding in emails. Lots of organizations use HTML in their emails to make them look like webpages – links, animated GIFs, and photos. In order for this to work, animated GIFs and photos must be loaded from a remote source. Direct exfiltration abuses the HTML <img> tag, which is used to display images.
The <img> tag is left unclosed at the start of the message, so the email client treats the whole decrypted message as part of the image’s URL and sends it, in the clear, to the attacker’s web server when it tries to fetch the image. That’s how the attacker gets the entire message unencrypted. Email programs that can be affected by this are Apple Mail, iOS Mail, and Mozilla Thunderbird. In fact, Apple Mail and iOS Mail load remote images by default. Here’s how to fix the problem.
Apple Mail
- Go to the Mail menu.
- Select “Preferences.”
- Click the Viewing tab.
- Uncheck the box for “Load remote content in messages.”
iOS Mail
- Go to the Settings app.
- Select the “Mail, Contacts, Calendar” option.
- Tap the switch next to “Load Remote Images.”
Mozilla Thunderbird
Thunderbird is a free email reader made by Mozilla, the same organization that made the Firefox web browser. Unlike Apple and iOS Mail, Thunderbird prevents HTML elements (or “remote content”) from loading by default. If remote content loading has been turned on, here’s how to turn it off again.
- Go to the Tools menu.
- Select Options.
- Go to the Privacy tab.
- Uncheck “Allow remote content in messages.”
CBC/CFB Gadgets
CBC stands for Cipher Block Chaining, and CFB stands for Cipher Feedback Mode. Both are modes of operation that encryption programs use to encrypt messages longer than a single cipher block. OpenPGP uses CFB, while CBC is used by S/MIME, a standard for adding things to email that aren’t plain text, such as attachments, encryption, and the keys needed for digital signatures.
The authors of the Efail paper say that these processes provide “malleability of plaintext.” In other words, both CBC and CFB have properties that allow an attacker to change the text of an email at will. If an attacker knows part of the original text of your email, then they may be able to alter the message by rearranging it or adding additional words.
So, given all this, how can you prevent this kind of attack? Companies are making patches to fix this problem. But in the meantime, you can start by removing your private encryption key from your email program. Then, open your email in a separate program to decrypt it. One example of such a program is Fort.
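To see what “malleability of plaintext” means in practice, here is an added example that is not code from this post or from the Efail authors. It is a small CFB mode in plain Python in which the block cipher is replaced by a keyed hash standing in for AES (an assumption made so the example needs nothing beyond the standard library; CFB only ever runs the cipher forwards, so this is faithful to how the mode behaves). It shows that someone who knows a few bytes of the original text can change those bytes through the ciphertext without the key, at the cost of garbling the following block, and then shows the remedy: an integrity tag that is checked before any plaintext is released. KEY, IV and MESSAGE are constructed demo values.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes per cipher block


def _block_fn(key: bytes, block: bytes) -> bytes:
    """CFB only runs the block cipher in the forward direction, so any keyed
    pseudorandom function can stand in for it. This is HMAC-SHA256 truncated
    to one block: a stand-in for AES, chosen to keep the example stdlib-only."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def _mac_key(key: bytes) -> bytes:
    """Derive a separate key for the integrity tag from the encryption key."""
    return hashlib.sha256(b"mac|" + key).digest()


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        keystream = _block_fn(key, prev)  # derived from the previous ciphertext block
        chunk = bytes(p ^ k for p, k in zip(plaintext[i:i + BLOCK], keystream))
        out += chunk
        prev = chunk
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        keystream = _block_fn(key, prev)
        chunk = ciphertext[i:i + BLOCK]
        out += bytes(c ^ k for c, k in zip(chunk, keystream))
        prev = chunk
    return bytes(out)


def flip_plaintext(ciphertext: bytes, offset: int, known: bytes, desired: bytes) -> bytes:
    """Malleability in one line: XOR-ing (known ^ desired) into ciphertext byte
    i XORs the same difference into plaintext byte i. No key is needed, only
    knowledge of what the original bytes were. The block that follows the
    edited one decrypts to garbage, because its keystream depends on the
    ciphertext block that was just changed."""
    buf = bytearray(ciphertext)
    for i, (k, d) in enumerate(zip(known, desired)):
        buf[offset + i] ^= k ^ d
    return bytes(buf)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then tag iv||ciphertext with an HMAC under the derived MAC key."""
    iv = os.urandom(BLOCK)
    ct = cfb_encrypt(key, iv, plaintext)
    tag = hmac.new(_mac_key(key), iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def open_sealed(key: bytes, blob: bytes):
    """Verify the tag first; on failure return None and release no plaintext."""
    iv, ct, tag = blob[:BLOCK], blob[BLOCK:-32], blob[-32:]
    expected = hmac.new(_mac_key(key), iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return cfb_decrypt(key, iv, ct)


# Constructed demo values; never use a fixed IV or a string key in real code.
KEY = b"constructed-demo-key"
IV = bytes(range(BLOCK))
MESSAGE = b"Transfer $100 to account 1234. Thanks!"


def tamper_plain_cfb() -> bytes:
    """Edit '100' (offset 10) to '999' through the ciphertext, then decrypt."""
    ct = cfb_encrypt(KEY, IV, MESSAGE)
    return cfb_decrypt(KEY, IV, flip_plaintext(ct, 10, b"100", b"999"))


def tamper_sealed():
    """The same edit against a tagged message is rejected before decryption."""
    blob = seal(KEY, MESSAGE)
    return open_sealed(KEY, flip_plaintext(blob, BLOCK + 10, b"100", b"999"))


if __name__ == "__main__":
    print(tamper_plain_cfb())  # b'Transfer $999 to' + 16 garbage bytes + b'hanks!'
    print(tamper_sealed())     # None
```

The first block of the tampered message reads exactly as the attacker intended and the third block is untouched; only the middle block is destroyed. That is why a client that decrypts first and shows the result, or passes it to an HTML renderer, is exposed, and why the integrity check has to happen before any plaintext is handed over rather than being reported as a warning afterwards.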
What is SigSpoof?
SigSpoof was discovered in June 2018 by software developer and researcher Marcus Brinkmann. It’s a way of spoofing the digital signatures in emails. According to Brinkmann, this flaw dates all the way back to 1998.
A digital signature is created with something called a private encryption key. As the name implies, this is a file that only the owner has access to; they use it to sign their outgoing email and open their incoming email. Everyone who has a private encryption key also has a public encryption key. Others use the public key to encrypt an email to its owner. Public keys are listed in public databases on the Internet, much like an entry in an old-fashioned public phone book.
The SigSpoof attack lets someone fake another person’s digital signature by using their public key. SigSpoof only works when the “verbose” setting is turned on; this is a troubleshooting mode. Fortunately, the verbose setting isn’t turned on by default. The programs which are vulnerable to SigSpoof are GnuPG, its MacOS version GPG Tools, and Enigmail, a security add-on for Mozilla Thunderbird.
You were probably not affected by SigSpoof if you didn’t make any major changes to the settings in your OpenPGP software. But it’s still a good idea to update your software. The official GnuPG website has a list of all the versions for every operating system. Pick the correct one for your computer and make sure that you’re using the latest version.
As of this writing, the current version of Enigmail is 2.0.8. You can download it from their official website. Keep in mind that it’s only compatible with Mozilla Thunderbird 52 and newer. If you’re using an older version of Thunderbird, you’ll have to upgrade that, too.
No security product is perfect, not even the popular ones that have been around for years, like OpenPGP. The main features of a security program may be easy to use; it’s the back end that can be difficult. There are other factors that have to be considered. If you don’t properly configure it, you could end up with a hole to exploit.
Security is more than downloading some software or buying a subscription to a VPN provider. It’s an ongoing process that must be maintained. It’s always a good idea to reevaluate the things we use to keep us safe to make sure that they’re doing their job.