Researchers warn of PGP/GPG email vulnerabilities

Security researchers have warned of an interaction between HTML emails and the popular PGP/GPG family of cryptographic packages which can, in some cases, reveal the plaintext of otherwise-encrypted emails - including previously-sent emails.

Originally developed by Phil Zimmerman, Pretty Good Privacy (PGP) and its offshoot the GNU Privacy Guard (GPG) offer reasonably user-friendly public-key cryptography for message signing, verification, and encryption. Their user friendliness is in no small part thanks to a wealth of third-party add-ons and front-ends, many of which integrate the software into email clients - and it's here that the problems appear to begin.

In a message on social networking site Twitter, security researcher Sebastian Schnizel has warned of 'critical vulnerabilities in PGP/GPG and S/MIME email encryption,' the details of which are being kept private until tomorrow morning. 'They might reveal the plaintext of encrypted emails,' Schnizel warns of the issues, 'including emails sent in the past. There are currently no reliable fixes for the vulnerability.'

Both the researchers and the Electronic Frontier Foundation have taken the controversial step of advising all users of PGP/GPG and S/MIME email utilities which have automatic-decryption functionality to disable or uninstall the software and 'arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.' It's advice which has brought scorn from others in the security community, with security consultant Alec Muffett, a director of the Open Rights Group, taking the EFF to task via Twitter this morning.

More details on the vulnerabilities - along with, hopefully, patches to address the issues - will be released tomorrow morning, Schnizel has confirmed.

UPDATE 20180515:

Full details of the vulnerabilities have now been released on the "efail" website. The vulnerabilities detailed use externally-loaded resources in HTML-format email to exfiltrate plaintext from encrypted emails. Immediate workarounds include disabling decryption in the email client and requiring manual decryption using an external utility - effectively following the EFF's recommendation to uninstall encrypted email add-ons to prevent automatic decryption and thus disclosure of plaintext - and disabling the rendering of HTML emails. Medium-term fixes will come in the form of patches, the researchers have promised, while the long-term solution will be to update the affected standards - OpenPGP, MIME, and S/MIME - to remove the risk altogether.