Is Ciphermail save against "Efail"?

Hello,

today a new threat againts encrypted e-mail (PGP and S/MIME) is in the news:

https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now

From what i understand the basic problem is that it is possible to
inject special data in already encrypted e-mail, which than will be
reported back after decryption with HTML URLs to the attacker and can
be used to derive the key used for encryption.

So i guess one would need the following conditions to be true for the
attack to succeed

- The MUA access external URLs to load content in HTML e-mail (automatically)

- The e-mail will be decode despite the altered content (not vaild
signed at least)

- Probably many e-mails are needed to get the oracle attack to work?

So for Ciphermail there should be no direct problem because it does
not "read" the e-mail or obey URLs in the e-mail? But the question
remains if there is a possibilty to prevent the "vulnerable" clients
againts attack e-mail passing Ciphermail by not decrypting them or
something like that?

Maybe i'm totaly wrong, but thanks for any feedback on this

Regards

Andreas

I'm still investigating the actual vulnerability but from what I have
read I would say it's more a vulnerability in email clients which can be
exploited to get parts of the plain text from a previously sent email.

To be vulnerable, the mail client should automatically retrieve remote
information (for example images or CSS files). Allowing your mail client
to automatically retrieve information from remote sources is strongly
discouraged anyway because it can also be used by trackers (1 pixel images).

The vulnerability is that an attacker can create an email containing
previously encrypted content which is then decrypted. The decrypted
content however is embedded into a link (image, css etc.). If the mail
client then tries to retrieve the remote link, it sends the URL (which
contains part of the email). The attacked then retrieves the link and
can extract the text.

To mitigate this, the first step would be to disallow your mail client
to retrieve remote content (so block loading remote content).

I will do some further analysis and see whether a server side fix can
work around the issue.

Kind regards,

Martijn Brinkers

Zitat von Martijn Brinkers via Users <users(a)lists.djigzo.com>:

The vulnerability is that an attacker can create an email containing
previously encrypted content which is then decrypted. The decrypted
content however is embedded into a link (image, css etc.). If the
mail client then tries to retrieve the remote link, it sends the URL
(which contains part of the email). The attacked then retrieves the
link and can extract the text.

Hm, ok. This will be an even more bogus attack i guess. I was
suspecting something like a advanced padding oracle attack used to
decrypt the message, but they simply trick the client to decrypt AND
send back the content.

HTML e-mail is a security nightmare, automatically loading external
content is even worse and encrypting the whole shit does not solved
the problem at all. So nothing really new in this case.

As stated here : https://www.efail.de/

What are the EFAIL attacks?

The EFAIL attacks break PGP and S/MIME email encryption by coercing
clients into sending the full plaintext of the emails to the attacker.

But at least for Thunderbird one have to alter the default setting to
automatically load external content.