Major Bugs in PGP and S/MIME Encryption

Around the Web

Serious PGP, S/MIME, Email Client Bugs Could Expose Sensitive Communications

The so-called “EFAIL” attacks exploit vulnerabilities in the OpenPGP encryption program, the S/MIME encryption standard, and the Apple Mail, iOS Mail, and Mozilla Thunderbird email clients, according to a consortium of academic security researchers. In every circumstance, successful attacks could lead to the plaintext exposure of supposedly encrypted email messages. EFAIL attacks, which abuse active HTML content in email messages, require that the attacker have “access to the encrypted emails… by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers.” In successful attacks, the attacker changes an encrypted email so that the email client decrypts the modified email, loading external content in the process, and sending the plaintext contents of the email back to the attacker.

More specifically, one version of the attack, which will have to be fixed by the email clients, enables direct exfiltration of plaintext by abusing issues in Apple Mail, iOS Mail, and Mozilla Thunderbird. An attacker would have to create a multipart email with one part containing a specially crafted HTML tag with a src attribute that is opened with quotes but not closed, a second part containing the PGP or S/MIME cipher text, and a third HTML body part that closes the src attribute quotation referenced above. When the victim’s email client views the email, it decrypts the encrypted email messages, stitches the three parts together, and reaches out to the URL in the src attribute, sending the plaintext email message contents to the attacker as part of the URL path.

The other exfiltration option is both more complicated and more difficult to fix, resulting from vulnerabilities in OpenPGP and S/MIME. Here the attacker has to manipulate cipher block chaining (CBC) gadgets to inject an image tag into the encrypted email text, which, when opened by the victim, exfiltrates the plaintext email contents. The respective attacks on S/MIME and PGP are subtly different in method, effectiveness, and practicality. The best available mitigations are to ensure that you aren’t decrypting S/MIME and PGP emails directly in your email client (but rather in a separate application) and to disable HTML rendering. In the longer term, patches for the mail clients and updates to PGP and S/MIME could become available.

Cryptography Professor Matthew Green did a great job describing the attacks and their impacts in a brief Twitter thread.


This research was set to go public tomorrow, but the researchers decided to publish their work today, reportedly after parts of their research were leaked.

PRB-Backdoor: PowerShell Backdoor Hidden in Macro Laden Word Docs

Researcher Mo Bustami of Secure 0wnage has published the details of a PowerShell backdoor—dubbed “PRB-Backdoor”—on his personal blog. He found the backdoor in Macro-enabled Microsoft Word document that called on the Worker() function, which, in turn, called various other functions before ultimately running a series of PowerShell commands that eventually executed a full-featured backdoor. The backdoor seems to beacon out to a command and control (C2) domain at http://outl00k[.]net, and, beyond connecting to and registering with the C2, its features include the ability to steal browser histories and passwords, write and read files, update itself, open a shell, log keystrokes, take screenshots, and gather system information.

Restaurant Chain Chili’s Announces Breach

U.S.-based restaurant chain Chili’s announced on Friday that it discovered a breach of its payment systems that led to the potential exposure of customer payment card data.

Transform Your Siloed Security Operations into a Holistic Security Operations Program

Get in Touch Group