S/MIME and PGP Email Encryption Flaws Affecting Millions Discovered by EFF

Yolanda Curtis
May 14, 2018

"We use CBC/CFB gadgets to inject malicious plaintext snippets into encrypted emails that abuse existing and standard-conforming backchannels, for example, in HTML, CSS, or x509 functionality, to exfiltrate the full plaintext after decryption". While the researchers say each mail client vendor can come up with individual mitigations, they suggest that the underlying specification for OpenPGP and S/MIME will need to be fixed over the long-term.

American organization for the protection of civil rights EFF has confirmed this information and also recommended to disable or uninstall the software to fix the vulnerability.

S/MIME is relatively commonplace in enterprise email networks, making this vulnerability particularly concerning. The Electronic Frontier Foundation advises to immediately disable all email tools that automatically decrypt PGP.


The vulnerability requires several steps for an attacker to intercept encrypted emails, but reveals a crack in PGP's armor.

While the requirement that attackers have access to previously sent e-mails is a an extremely high bar, the entire objective of both PGP and S/MIME is to protect users against this possibility. "However, the very goal of PGP or S/MIME encryption is the protection against this kind of attacker".

Sebastian Schinzel, one of the researchers, promised in a Tweet to provide more details of the vulnerabilities on May 15.


There are two different types of attacks included in EFAIL.

"If you use PG or S/MIME for sensitive information then this is a big deal", Matt Green, a professor specializing in encryption at Johns Hopkins University, told Ars on Monday. Hopefully affected vendors have been contacted in advance, so make sure that when the inevitable product updates and mitigation patches are pushed out you install them as quickly as possible. The attacker's server logs the request and now has a copy of the decrypted content. "Disabling the presentation of incoming HTML emails in your email client will close the most prominent way of attacking Efail". Anyone who wants their email communication to be secure and private should take notice.

Beyond short term mitigations, there are longer term efforts that will need to happen in order to fully secure S/MIME and OpenPGP based email encryption as well.


German researchers have warned those using a popular form of email encryption that serious flaws mean their messages could be decoded by attackers.

Other reports by iNewsToday

FOLLOW OUR NEWSPAPER