People are Freaking Out about PGP, You Shouldn’t Be Using it Anyway

Earlier today, security researchers disclosed vulnerabilities, collectively called EFAIL, in how multiple email clients handle the decryption and display of PGP-encrypted emails. SecureDrop submissions are not sent via email, and can only be decrypted on the air-gapped Secure Viewing Station, so the content of submissions is not impacted by this vulnerability. This includes the content of messages from and to sources sent via the SecureDrop user interface.

However, SecureDrop does use GPG-encrypted emails for OSSEC security alerts to administrators, and some SecureDrop users receive messages from our support portal that are GPG-encrypted. Beginning in SecureDrop 0.7.0, to be released tomorrow, Tuesday May 15, 2018, journalists can also optionally receive GPG-encrypted alerts about new submissions (these do not contain any submission content or metadata).

How the EFAIL attack works

To obtain decrypted message content, an attacker must first intercept email traffic or obtain encrypted email content by other means. That’s already a relatively hard thing to do, but it’s a threat model PGP was specifically invented to mitigate. The attacker must then send a carefully crafted email to the victim, which includes the encrypted content they wish to decrypt.

In a vulnerable email setup, the email will be decrypted and displayed upon opening it, and in the process, decrypted content will be exfiltrated to an external server. The exfiltration is performed using embedded images, forms, styles, or other HTML content; it may or may not require user interaction.
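The following added example, which is not from the original post or from SecureDrop, audits a raw message for the combination described above: PGP ciphertext delivered alongside HTML that would make a client load remote content. The function and class names, the set of attributes checked, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

ARMOR = "-----BEGIN PGP MESSAGE-----"
ENCRYPTED_TYPES = {"multipart/encrypted", "application/pgp-encrypted"}
REMOTE = re.compile(r"\s*(?:https?:)?//", re.I)                 # absolute or scheme-relative URL
CSS_URL = re.compile(r"url\(\s*['\"]?\s*(?:https?:)?//", re.I)  # remote url() inside CSS

class RemoteRefFinder(HTMLParser):
    """Records (tag, attribute) pairs that make a mail client fetch remote content."""
    def __init__(self):
        super().__init__()
        self.hits, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        self._in_style = (tag == "style")
        for name, value in attrs:
            value = value or ""
            fetch = name in ("src", "action", "background") or (tag == "link" and name == "href")
            if (fetch and REMOTE.match(value)) or (name == "style" and CSS_URL.search(value)):
                self.hits.append((tag, name))
    def handle_endtag(self, tag):
        self._in_style = False  # <style> is parsed as raw text, so this is its own end tag
    def handle_data(self, data):
        if self._in_style and CSS_URL.search(data):
            self.hits.append(("style", "url()"))

def audit(raw):
    """Flag a message that carries PGP ciphertext together with remote-loading HTML."""
    msg, finder, encrypted = message_from_string(raw), RemoteRefFinder(), False
    for part in msg.walk():
        encrypted = encrypted or part.get_content_type() in ENCRYPTED_TYPES
        if part.is_multipart():
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        encrypted = encrypted or ARMOR in body
        if part.get_content_type() == "text/html":
            finder.feed(body)
    finder.close()
    return {"encrypted": encrypted, "remote_refs": finder.hits,
            "risky": encrypted and bool(finder.hits)}

# Constructed sample: an HTML part with a remote image next to an armored PGP part.
SAMPLE = ("MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary=b\n\n"
          "--b\nContent-Type: text/html\n\n<p>hi</p><img src=\"http://tracker.example/p.png\">\n"
          "--b\nContent-Type: text/plain\n\n" + ARMOR + "\n(placeholder)\n-----END PGP MESSAGE-----\n"
          "--b--\n")
```

A message flagged as `risky` is one to open only with remote loading and HTML rendering disabled; a clean result does not prove a message is safe, since the attribute list here is not exhaustive.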

How can you protect yourself?

The three most important steps you can take to securely decrypt PGP/GPG-encrypted emails are:

  • Apply software updates (both to email clients and GPG integrations such as GPGTools, Enigmail or GPG4Win) as they become available.
  • If enabled, disable remote loading of content within emails.
  • Disable viewing emails in HTML format (opt for viewing emails as plain text instead).

Based on my current understanding of the EFAIL vulnerability, you can safely decrypt email within your mail client if you have taken these steps. However, this high-profile vulnerability may lead to follow-up discoveries, and I will update this post as new information becomes available.