How To Secure Your Email Now That PGP Is Compromised

If you’ve been using PGP — short for Pretty Good Privacy — to send and receive encrypted emails, it might be time to switch to a different service to maintain the privacy of your communications. A brand-new vulnerability, hilariously called EFAIL, can reveal the contents of your emails (even older emails, in certain cases) in plaintext. Goodbye, secrecy.

Photo: Markus Spiske (Unsplash)

If you just use your favourite email service to send regular messages to friends, read awesome newsletters, or put businesses you’re mad at on blast, these issues don’t affect you at all. You’ll know if you’re using PGP, because the entire premise of the program is based around using public and private keys — huge strings of text — to encrypt and decrypt messages.

Secret messages, ideally, not just funny cat images you want to send to your significant other.

There’s some debate right now about just how problematic the EFAIL vulnerability actually is, since some companies and security-minded folk are noting that if you just ensure you aren’t receiving HTML emails — switch to plaintext, instead — you’ll be fine. As the GnuPG’s Werner Koch writes:

“There are two ways to mitigate this attack
– Don’t use HTML mails. Or if you really need to read them use a proper MIME parser and disallow any access to external links.
– Use authenticated encryption.”

Whether the problem lies with PGP and S/MIME, as the Electronic Frontier Foundation notes, or the email clients themselves, your comfort level with encrypted communications will determine your next steps. As efail.de notes, there are a few techniques you can adopt to mitigate the effect of EFAIL on your secure communications:

“Short term: No decryption in email client. The best way to prevent EFAIL attacks is to only decrypt S/MIME or PGP emails in a separate application outside of your email client. Start by removing your S/MIME and PGP private keys from your email client, then decrypt incoming encrypted emails by copy&pasting the ciphertext into a separate application that does the decryption for you. That way, the email clients cannot open exfiltration channels.

This is currently the safest option with the downside that the process gets more involved.

Short term: Disable HTML rendering. The EFAIL attacks abuse active content, mostly in the form of HTML images, styles, etc. Disabling the presentation of incoming HTML emails in your email client will close the most prominent way of attacking EFAIL. Note that there are other possible backchannels in email clients which are not related to HTML but these are more difficult to exploit.

Medium term: Patching. Some vendors will publish patches that either fix the EFAIL vulnerabilities or make them much harder to exploit.

Long term: Update OpenPGP and S/MIME standards. The EFAIL attacks exploit flaws and undefined behaviour in the MIME, S/MIME, and OpenPGP standards. Therefore, the standards need to be updated, which will take some time.”

Our advice? Maybe it’s time to stop using email for encrypted communications. The EFF suggests this as a temporary solution, at the very least:

“Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.”

As Wired described in a 2017 article, apps that feature end-to-end encryption like Signal, WhatsApp, Confide, or even Skype — to name a few — are great for sending protected communications (for now).

While that’s not to say that any of these apps, or even the Signal Protocol they use to secure your messages, are immune to future exploits (of all varieties), messaging apps with built-in end-to-end encryption might be worth considering as an alternative to email for your most private messages.

They aren’t foolproof — especially if someone has a compromised device on the other end — but they’re better than nothing if you can stomach the differences:

No, Signal is no alternative to e-mail (#efail):
– phone numbers (no memorizable, personal, pseudonymous identifiers)
– basically bound to one smartphone
– centralized (no own infrastructure)
– it’s ”chat“, not ”mail“; limited UI (no filtering, sorting, folders, marking)

— Lars Kasper (@LarsKasper) May 14, 2018