German researchers have warned those using a popular form of email encryption that serious flaws mean their messages could be decoded by attackers.
The use of PGP - short for Pretty Good Privacy - for secure communications has been advocated, among others, by Edward Snowden, who blew the whistle on pervasive electronic surveillance at the U.S. National Security Agency before fleeing to Russian Federation.
Prior to the leak, Schnizel stated that there were "no reliable fixes", and recommended that affected users disable breached encryption software. "Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email", the EFF wrote in its blog post.
More particularly, the attacks use specially crafted HTML emails that exploit bugs in the way PGP is implemented in some email programs. Against PGP, it apparently works only once per three attempts, but against S/MIME, a single email can crack up to 500 messages at once.
If an attacker gains access to a victim's encrypted emails through methods like eavesdropping or compromising email accounts, EFAIL can be used to "abuse active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through URLs", reads the website detailing the vulnerabilities.
Unlike PGP, S/MIME (Secure/Multipurpose Internet Mail Extensions) is an email-only encryption program. "You are thus only affected if an attacker already has access to your emails".
It added, however, that it considered the encryption standards themselves to be safe if correctly implemented and configured.
S/MIME is relatively commonplace in enterprise email networks, making this vulnerability particularly concerning.
Werner Koch of GNUPrivacyGuard (GnuPG), an open source PGP privacy suite, said the EFF's warning was "overblown" and said he hadn't been contacted. The Efail attacks rely on external communication and if a user is decrypting emails in a standalone application, the risks are somewhat muted.