Encryption is essential
The fact that information and IT security has attracted a lot of attention in mainstream media in recent years is a positive development. The more often we hear about something, the greater our awareness becomes. Unfortunately this has an unpleasant side effect. As the saying goes, no news is good news which also means that bad news takes up a lot more space in the media. Two weeks ago, the eFail vulnerability was reported in encryption clients (CVE-2017-17688 and CVE-2017-17689). By exploiting eFail, an attacker can intercept encrypted communications in plain text under certain circumstances This is certainly newsworthy as eFail will work regardless of which email client or which encryption standard (PGP or S/MIME) is used. It is even completely independent of the encryption algorithm as this is not targeted by the exploit.
eFail exploits poorly implemented encryption standards in email clients. Information security consists of three objectives: Integrity, confidentiality and availability. Encryption is a popular method to ensure confidentiality. Integrity, on the other hand, is a side effect of encryption. If an encrypted text blob is modified, it can no longer be decrypted and it is clear that the integrity has been compromised. But what if the part of the message is changed before the blob is encrypted? This is exactly what eFail does. First, the message is intercepted by a man-in-the-middle attack and the lead-in is changed. Sebastian Schinzel and his team, who published the attack, succeeded in inserting numerous exfiltration commands into emails. These can be embedded in HTML code with a reference to an image or another object. Ultimately, this results in the email client sending the decrypted text to a host under the control of the attacker.
eFail works because the client fails to check the integrity of the email properly; if it checked the entire email, it would be impossible to insert malicious code. Both S/MIME and OpenPGP lack an integrity check. TLS has supported integrity checking for a long time, so this isn’t a technical problem. There are also implementations such as Modification Detection Code (MDC) for OpenPGP, but many clients still do not use MDC, or use it inconsistently. Nevertheless, OpenPGP-based clients can be fixed with very little effort, S/MIME requires more work.
So much for the facts, but that's not what this blog post is primarily about. Vulnerabilities in email clients are one thing, but how they are communicated is another. The publication of the eFail vulnerability was widely criticized. as the announcement was made too early and did not not contain enough specific information. In fact, many articles advised users to deactivate the plugins or remove them completely. Although compromised encryption is one of the worst vulnerabilities imaginable, eFail didn't seem that dramatic. Firstly, the man-in-the-middle attack needs to succeed and secondly, the attack vector can be considerably reduced by configuring the email client correctly.
The premature publication and many, superficial articles gave the impression that encryption is no longer effective. This is not the case, even if there is a long overdue need to refine encryption tools, especially when used to protect email. Meanwhile, every encryption manufacturer has published instructions for secure configuration, and updates are available for most software. The fundamental problem that encryption is too complex to implement and that it is lagging behind the technical possibilities does not change anything. One can only hope that such incidents will strengthen the willingness of manufacturers to implement encryption more progressively. The encrypted messaging program Signal is a good example of how to get it right. Signal is already available for all major mobile operating systems as well as for Mac, Windows and (Debian) Linux. An extension for Outlook would shake up the market and significantly increase the general level of security in communication.