We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Attacking end-to-end email encryption

00:00

Formal Metadata

Title
Attacking end-to-end email encryption
Subtitle
Efail, other attacks and lessons learned.
Title of Series
Number of Parts
165
Author
License
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
In this talk, I’ll present several attacks that leak the plaintext of OpenPGP or S/MIME encrypted emails to an attacker. Some of the attacks are technically interesting, i.e. the two different efail attacks, some are somewhat silly, yet effective. Some abuse HTML emails, some also work with plain ASCII emails. Furthermore, I’ll discuss our lessons learned and describe the efail-related changes to mail clients and the OpenPGP and S/MIME standards.
Keywords
Information securityEmailEncryptionLecture/Conference
EncryptionTelecommunicationLecture/Conference
EmailEmailInternetworkingProcess (computing)Goodness of fitStrategy gameTelecommunicationOrder (biology)Arrow of timeAntivirus softwareEncryptionFilter <Stochastik>BackupConnected spaceGreen's functionTransport Layer SecurityFile archiverServer (computing)Point (geometry)CASE <Informatik>Game controllerLink (knot theory)Binary multiplierComputer animationLecture/Conference
EncryptionInformation privacyClient (computing)EmailEncryptionMeasurementCuboidPublic key certificateInformation privacyCartesian coordinate systemStandard deviationComputer animation
Key (cryptography)Public-key cryptographyKey (cryptography)StatisticsSource codeComputer animation
UsabilityComputerEncryptionEmailClient (computing)SoftwareObservational studyWeb pagePlug-in (computing)InformationNumberEncryptionComputer animationDiagram
Execution unitClient (computing)EmailEncryptionDefault (computer science)Type theoryMultilaterationINTEGRALClient (computing)VideoconferencingOrder (biology)Message passingEmailSource codeComputer animation
Directed setEncryptionSoftware bugDiagram
EmailForcePauli exclusion principleEncryptionClient (computing)Compilation albumVulnerability (computing)Information securityTotal S.A.Monster groupKey (cryptography)Error messageFundamental theorem of algebraSineFeedbackEmailEncryptionPlug-in (computing)Communications protocolPoint (geometry)Computer animation
Monster groupEmailMessage passingEncryptionContent (media)CiphertextRSA (algorithm)EncryptionMessage passingKey (cryptography)CryptographySoftware bugSymmetric-key algorithmPublic-key cryptographyEmailComputer animation
CiphertextAsynchronous Transfer ModeEncryptionMonster groupSystem callBitCategory of beingBlock (periodic table)Exclusive orEncryptionCryptographyOperator (mathematics)MathematicsMessage passingPosition operatorOrder (biology)Vector spaceResultant2 (number)MultiplicationEmailBinary codeType theoryComputer animation
CiphertextComputer iconMessage passingElectronic visual displayPersonal digital assistantElectronic signatureDigital signalSign (mathematics)Identity managementMonster groupCodeAuthenticationCodeCryptographyMessage passingAuthenticationElectronic signatureMereologyCommunications protocolEncryptionDigitizingProper mapMathematicsComputer iconEmailValidity (statistics)Arithmetic meanComputer animation
Key (cryptography)Monster groupEmailContent (media)MultiplicationMessage passingStandard deviationAuthenticationElectronic mailing listEmailInformationEnvelope (mathematics)Content (media)Lie groupEncryptionMereologyKey (cryptography)Computer animation
Block (periodic table)Uniform resource locatorBuildingServer (computing)Content (media)
BootingComputer fontContent (media)Color managementThomas KuhnBeer steinComputer-generated imageryMessage passingRevision controlEmailUniform resource locatorRemote procedure callProof theoryContent (media)RandomizationEncryption
Client (computing)LeakProxy serverJava appletScripting languageEmailFirewall (computing)Medical imagingStructural loadTable (information)Client (computing)ResultantConnected spaceRemote procedure callSoftwareInteractive televisionComputer animation
EmailAndroid (robot)Client (computing)Numbering schemeEncryptionLogicDrop (liquid)Monster groupStandard deviationTime evolution1 (number)Graph coloringInheritance (object-oriented programming)Roundness (object)Connected spaceComputer animation
Gamma functionWechselseitige InformationLink (knot theory)Dynamic random-access memoryCartesian closed categoryMach's principleServer (computing)Beer steinEmpennageMessage passingBitEmailEncryptionSingle-precision floating-point formatComputer animation
Gamma functionData typeConnected spaceProbability density functionComputer fileFile formatUniform resource locatorHexagonEmailComputer animation
Direct numerical simulationDisk read-and-write headInteractive televisionComputer fileMedical imagingVulnerability (computing)File formatStandard deviationSoftware bugComputer animation
Demo (music)WritingBlock (periodic table)EmailDirected setMultiplicationClient (computing)System programmingAlgorithmProcess (computing)Data integrityEncryptionDemo (music)Probability density functionEmailComputer animation
Session Initiation ProtocolAsynchronous Transfer ModeBounded variationOpen setDefault (computer science)Data compressionCodeMonster groupEmailCryptographyClient (computing)MathematicsFile viewerDifferent (Kate Ryan album)Message passingStandard deviationCodeHash functionMereologyAsynchronous Transfer ModeData compressionBitBounded variationComputer animation
Monster groupImplementationVector potentialInformation securityInformation securityEmailImplementationPublic-key cryptographyKey (cryptography)MathematicsServer (computing)SoftwareComputer animationDiagram
Key (cryptography)Session Initiation ProtocolMonster groupServer (computing)Validity (statistics)ImplementationKey (cryptography)MultilaterationEmailSoftware testingStructural analysisStandard deviationType theoryCASE <Informatik>DiagramComputer animation
Execution unitOutlook 2007EmailSession Initiation ProtocolRevision controlMonster groupEncryptionAlgorithmTheoryImplementationProcess (computing)Error messageMessage passingSequenceData integrityVector potentialInformation securitySoftware testingPhysical systemMessage passingImplementationMathematicsType theoryComputer animation
EncryptionFlagAuthenticationStreaming mediaFingerprintError messageWeb pageSet (mathematics)Limit (category theory)Default (computer science)Default (computer science)MathematicsMobile appStreaming mediaOcean currentBitGoodness of fitStandard deviationEmailClient (computing)Computer animation
Directed setEmailMessage passingEncryptionData typeContent (media)MereologyElectronic visual displayClient (computing)MereologyType theoryEmailASCIIEncryptionParsingIndependence (probability theory)BitVulnerability (computing)1 (number)MathematicsStandard deviationComputer animation
Menu (computing)Pauli exclusion principleNo free lunch in search and optimizationEmailCodeOrder (biology)Single-precision floating-point formatCryptographyComputer programmingBitRight angleComputer animation
Message passingData typeContent (media)MereologyPhysical systemEmailClient (computing)Limit (category theory)ImplementationEncryptionCryptographyMultiplication signClient (computing)EmailRadical (chemistry)Computer animation
EmailClient (computing)EncryptionVulnerability (computing)TelecommunicationInformation privacyLink (knot theory)Communications protocolError messageContent (media)Software developerInformationEmbargoTwitterClient (computing)Shift operatorInformation securitySoftware developerEmailComputer animation
Execution unitEmbargoEvent horizonIndependence (probability theory)CompilerInformationRevision controlProxy serverDefault (computer science)EmailPoint (geometry)InformationPatch (Unix)Proof theoryIntercept theoremProxy serverSource codeComputer animationXML
Information securityHacker (term)Numbering schemePhilips CD-iEmailEncryptionInformationControl flowHypermediaCASE <Informatik>Patch (Unix)DataflowInformationTelecommunicationGame controllerComputer animation
Computer iconExecution unitPosition operatorEncryptionInformation securityComputer-generated imageryTouchscreenMotion captureGoogolFormal grammarComputer fontDirection (geometry)Software bugEmailRevision controlSource codeXML
EmailEncryptionEmpennageInformation securityTelephone number mappingHand fanField (computer science)Address spaceTouchscreenContent (media)Web pageComputer virusDrill commandsClient (computing)Source codeCiphertextMenu (computing)Finite element methodEmailMixed realitySource codeEncryptionNormal (geometry)Client (computing)Computer animation
EmailClient (computing)Gamma functionLattice (order)TwitterChaos (cosmogony)EmailClient (computing)Chaos (cosmogony)EncryptionMereologyDefault (computer science)Information securityComputer crimeComputer animation
Multiplication signMixed realityDistanceNumberSoftware testingCryptographyRevision controlOnline helpInternetworkingMeeting/InterviewLecture/Conference
InternetworkingEmailClient (computing)Standard deviationMereologyDirection (geometry)Exploit (computer security)Rule of inferenceThumbnailState of matterMultiplicationLecture/Conference
EmailNumberBuildingCommunications protocolCryptographyMathematicsCategory of beingProper mapDampingLecture/Conference
NumberCryptographyMereologyInternetworkingParsingControl flowMultiplication signEncryptionClient (computing)EmailOcean currentLecture/Conference
Client (computing)EmailSoftware developerSound effectLecture/Conference
CryptographyEmailEncryptionNumberPoint (geometry)Client (computing)SurfaceSoftware testingRevision controlStress (mechanics)MathematicsBitDifferent (Kate Ryan album)Cartesian coordinate systemOpen setLecture/Conference
Semiconductor memoryCartesian closed categoryDirection (geometry)Chaos (cosmogony)Roundness (object)Lecture/ConferenceComputer animation
Transcript: English(auto-generated)
The following talk is about email encryption. Who worries that their email encryption might
be capable of being hacked or cracked? Worry not. As far as I'm told, it still is rather secure, but. And the but will be answered by Sebastian Schinzel, who is one of the
eight security researchers who uncovered the drama and the details behind e-fail, a recently occurred issue with OpenPGP and S-MIME in a lot of email clients. All the technical details he will dig into, so please give a warm hand of applause for Sebastian Schinzel.
Okay, so it's good to be back. Thank you everyone for coming. My name is Sebastian. It's my fourth talk here at the CCC, and the other talks that I did were also on encryption.
So I somehow like encryption, and I like analyzing encryption, and I like to break encryption. So I did a talk on TLS, where we found an attack against TLS and against XML encryption, for example, and I usually start my talk by asking who's using this specific technology,
because usually when you're analyzing or doing a talk about a communication protocol, you ask the people who's using that. And you know, for email, it would be silly, right? Because who's using email? Every one of you is using email, okay? Because I don't know,
I mean, when you started using the internet like in the last 20 years or so, usually the first thing that you do, you dial in onto the internet and you make yourself an email address, so everyone uses email. But let's take a look at how things work when you send an email.
So when you click in your email client, when you compose an email and you click into your email client, send. So the first thing is on one of your devices, you're using the local network, and there's a green arrow because it's under your control. So you can define by yourself how
secure this link is going to be. Then you use the next connection, and the next connection will be to your SMTP server. And this is also a green arrow because it's under your control, okay? You can control this, and usually it's TLS. The same is valid for your IMAP folder because always when you send an email via SMTP, you will upload a copy to your sent folder on IMAP,
and it uses TLS in most of the cases, so therefore the arrow is green. The arrow is not that green anymore when it comes to the backup strategy, for example, an archiving strategy of your email provider, which may be Gmail or GMX, for example,
or your company, okay? But you may have a chance to know the administrators and ask them whether they're doing a good job and stuff like that. You're also, it's not under your control where else your email is uploaded to. So, for example, in order to check it for antivirus
or anti-spam and stuff like that, right, so it gets uploaded to some cloud, right, because you want to do a spam filtering. And then it goes out to the internet and, you know, we learned what's happening on the internet. People are listening in on the internet, and we heard from Edward Snowden, for example, that many nation-state actors and agencies are doing
this as well. They are listening into your emails, or they at least try to. And then the arrows get read as soon as it hits the SMTP server of the receiver, right, because you don't really know whether they are using TLS, encryption in any case. You don't
know whether they upload it to another antivirus vendor or so, and then it gets uploaded to the IMAP folder, to the inbox of the receiver, where it gets archived again, right? There's a backup is being done and stuff like that. It's archived. And then finally, the receiver of the email has the ability to check his own email and retrieve the email from his inbox. Okay, so
even if you know that the other person that you just sent the email to does a good job in securing it and uses encryption everywhere and so on and so on, you never know whether there's some attacker or so who has compromised the infrastructure and so on and so on.
Okay, and this problem multiplies when you send an email to multiple people, because then all of a sudden the email that you just sent, your email, hits infrastructures of many other people. Okay, so many people have access to this email. And this is the first thing that I want to, this is the first point that I want to make in this talk.
People usually talk about their email. It's my email, you know, and when I run my own mail server, it's going to be secure. But this is not the case. I mean, the point of using email is distributing it to your friends, to your colleagues and so on and so on, because you want to exchange. It's a communication method. But the communication is archived,
so people archive this and so on and so on. So it's a mess, basically. Okay, so for the rest of this talk, we need to have some assumption that someone has access to the emails. Okay, because, right, we just learned that it's distributed,
you're archiving your own emails in your IMAP folder and so on and so on. I have the emails of the last 15 years or so in my IMAP folder, and if someone gets access to it, right, boom, I have a problem. Okay, and in order to cope with this, people came up with end-to-end encryption. And there's two competing standards out there. The first one is OpenPGP. It was
first defined in 1991. Phil Zimmermann invited it, and this happened in the first crypto wars. So this is a very interesting story. And the most widely used email clients, they support OpenPGP, but only when you download the plugin. Okay, for SMIME,
you usually have native support in most of the applications. So you just get an SMIME certificate and off you go. You can just use it, and it just works out of the box. But it's mostly used by corporate organizations and military, for example, right? Not so much by privacy advocates
like OpenPGP. Now, we can't measure very well how many people use SMIME. We try it, but there doesn't seem to be a public source where we can measure this. But we can do it on PGP, because PGP has key servers, and you can upload your key there so that people can communicate with you in a secure manner. And this statistic here is the amount of new
public keys per month. And it started off very low in 1997. Then in 2003, we saw a constant rise until 2013, where we see a spike here, where it more than doubled. Does anyone know why
we saw this spike in 2013? Snowden, right? Edward Snowden. We had the Snowden revelations, and Edward Snowden used PGP to communicate with the journalists who did the actual disclosure of the documents. And so we see this in the uploaded keys. So people use PGP much more. We also see this in the amount of daily users of Enigmail,
which is the plugin for Thunderbird. And you can extract this information. And there we also see around 2013, we see a jump, and it increased by 50% or so, something like this. So people use PGP, right? It's not that many. When you compare it to how many people use
email, a few hundred thousand is not that much. But still, it's a substantial number. Problem here is, we know for a fact that in the last 20 years or so, especially non-technical users are not able to use PGP in a secure manner. So we have the first paper from 1999,
Why Johnny Can't Encrypt. And then we have a follow-up paper from 2006, Why Johnny Still Can't Encrypt. It must have been better, I hope. And then in 2015, we have Why Johnny Still Still Can't Encrypt. So we have a long story where people
tried to use PGP but failed. And this is not something that is inherent in OpenPGP. We have the same papers for S-MIME, where they confronted novice users with S-MIME, and they failed, basically. They weren't able to use it in a secure manner.
So therefore, in order to enable people to use PGP, especially PGP and S-MIME in a secure manner, you have many tutorials out there. And this is a very interesting tutorial, because it's the original video that Edward Snowden recorded in order to teach Glenn Greenwald how to
use OpenPGP. It's still on Vimeo, the original video is still there. And what is interesting there is, he doesn't recommend a plug-in for an email client. He basically says, just use webmail and use this PGP standalone application, type your message there, click Encrypt, and copy and paste the ciphertext into your webmail.
Okay, so there's no integration. And others recommend, for example, Enigmail or GPG tools. Enigmail is the plug-in for Thunderbird, and GPG tools is the plug-in for Apple Mail. Which means that most of them had HTML switched on, which is an interesting fact,
okay, for something that we're going to talk about later. So I thought about, how can I do this talk? And this is how I came up with the agenda. So we start off with some attacks that I find pretty interesting, at least for an academic they are pretty interesting. And we slowly degrade to pretty silly attacks. And you decide for
yourself whether you would fall for it or not. I came to the conclusion that I would probably fall for them. Okay, I lied. So we start off with something that is even worse than silly. So what's the worst thing that can happen when you're sending an encrypted mail?
You're sent a private key, that would be bad. What's even worse? You're sent a plain text. Okay, so in 2014 there was a bug in Enigmail, which is documented in their bug tracker. So basically you compose an email, you tell Enigmail to sign and encrypt it, and then you send it, and it will be sent in plain text.
Okay, this is not good. In 2017 Outlook did it much better because they did encrypt it, but they packed the plain text along with the cipher text. Okay, bad. And then in 2018,
you may remember this, this is just a few months back or so, Enigmail, or pretty easy privacy, it's a plugin to Enigmail, it's a plugin to the plugin that's actually used for novice users. It gave the feedback that the email that you're composing will be encrypted, but it wasn't. Okay, and the good news here is, okay, the email attacks don't apply here because...
Okay, I mean it's, but I don't want to make fun of any developers. The point that I'm trying to make here is that email is a plain text protocol, and it's always very difficult to make a protocol that was made for plain text delivery to make this encrypted. When you have
a plain text fallback, you're into trouble. Okay, and we saw the same basically with HTTP and HTTPS. Okay, so HTTPS is like now secure, but they had the same issues, right, in browsers, and so they were falling back to HTTP, and so on and so on. So it's really, really difficult.
Now that we have this out of the way, okay, we try to look at the interesting, interesting bugs. And before we start, I want to make a short introduction into how the cryptography in S-MIME and PGP work. And I just make one introduction, because both are the same from the viewpoint of the attacks that I'm going to present. Okay, both are very similar, actually.
So we start off by writing a message M. This is here. We generate a session key S. That's basically a random session key. And we use the session key to encrypt the message and make a ciphertext C. And we use AES or triple S, for example. Any symmetric cipher will do here.
Then we use this session key that we just generated and encrypt this with a public key of the recipient, and we get a K. And we tag this K into the message, so everything will be packed into a message and sent off to the receiver. The receiver then obtains the encrypted
email. He starts extracting the ciphertext K and the ciphertext C. From K, he decrypts S, which is the session key, right? And with S, he can decrypt the ciphertext C and retrieves M, and so both have the same message. Okay? So it's basically hybrid encryption. You use symmetric
encryption for the actual encryption of the message, and then asymmetric encryption to just encrypt this session key. Now, if you attended my previous talks, I talk a lot about ciphertext malleability. So you make tiny changes to a ciphertext, and it will lead to predictable
changes in the plaintext, which is strange, right? So we would assume when we just flip a bit here somewhere, okay? Here's a bit that just flipped. And when we decrypt it, we get something like this. Usually you would think, okay, it's total garbage. Nothing
sensible should come out of this. But we see something like this. Most of the message is still intact. We just have a few randomly looking junk binary stuff in there, and we see one changed character here. That used to be email, and now it's efail, okay? So there was just some
bit flipping happening here. In order to understand this, we need to introduce something that we called a mode of operation. AES, or any other block cipher, has the property that it uses blocks. In most cases, it's 16 bytes. And when you want to encrypt more than 16 bytes, you need to call AES multiple times, and you split it into blocks. And CBC is one way of
connecting these ciphertext blocks. So the decryption works like this. You have the first ciphertext block, the second ciphertext block, and the third ciphertext block. Only the second one is decrypted. So C1 is decrypted using AES and your key, for example. And the result
here is not directly the plaintext, but it will be XORed with C0, which we would also call an initialization vector. Okay, so whatever is written in here will be XORed on whatever comes out of this description, and we get this plaintext here. Now when we flip a bit,
or when we change a certain byte in C0, we change whatever comes out here of the decryption, and we will flip the same bit at the same position in the plaintext. Which is interesting, because now when we say we use the original C0 and XOR it with P0, so when we XOR it,
when we XOR twice the same value, we get basically a block of all zeros, which is like a blank sheet of paper that we can write on. And we call this thing, these two blocks here in combination, we call this a CBC gadget, because we can reuse it as much as we want.
And now, when we now take a chosen ciphertext, the nice thing is here, we just XOR it, the chosen ciphertext on this initialization vector, and it means that it will here result in a chosen ciphertext. So this requires that we know the value of P0. We need to guess this
value of P0. And this is always true, at least for S-MIME, because all S-MIME emails start with a content type. So we always know the first bytes, so this is valid. We can do this. Now, this was like the perfect scenario. It does have some drawbacks, because when we try
to do the same for C1, we switch, we flip a bit here, then we flip a bit also here, but the decryption of C1 results in this random junk. And we can't do anything about it. We don't know whatever will come out here, and we can't control it. We just have to deal with it. It's
going to be there when we use the CBC gadgets, and we have to deal with it. We have to find a way to deal with it. And now we can explain this behavior. You remember this email where we just flipped a single bit, and we saw one block was destroyed, basically, and then the other block we had, we can flip arbitrary bits? That's the explanation for it. Now, how do you deal with it?
How should a proper crypto protocol deal with it? Usually, you do something that is called a message authentication code. It's not a digital signature. A message authentication code is something like a cryptographic checksum that is put right next to the encrypted message,
and that can be checked after decryption or for decryption. The message authentication code is solely there to detect changes of a ciphertext. Digital signatures are different, especially in the mail context, because they're pretty much totally separate from the decryption part.
So digital signatures are merely only used to display an icon, for example, for valid signature or invalid signature. And the problem here is a smart attacker can use a signed email and strip off the signature, okay? We just strip off this part that we know there's a signature.
We can remove the signature, and then this doesn't mean there will be an invalid signature, but we will get something like this. This is the icon in Thunderbird for encrypted and not signed. So we can simply strip off a signature, and there's valid reasons to send an encrypted
email without doing a digital signature on it, right? So we want to do both. So digital signatures won't prevent this attack. So how does S-MIME look like? Basically, I mean, most of you will have heard of MIME. MIME is like a standard that we use in emails
anyway. Here we have an email header. It looks very similar to HTTP. We have content type, colon, empty space, and then it's whatever is coming now for data. And then we have an email body with envelope data, and there we have the list of the encrypted session keys that this
ciphertext was encrypted with. And after that, we have the encrypted content info here. This part is the encrypted part where the actual message lies. And now when you look closely and you squint, you see there's no message authentication code. And it's not because I left them out, but because S-MIME doesn't define one. So S-MIME doesn't have
a message authentication code, which means it cannot detect by the standard whether a message was changed or not. So how can we attack this? How can we use it? I think you all have a feeling that this shouldn't work, okay? This is nothing that's supposed
to work. This is the plain text that we want to exfiltrate, and we only know the first block. We can pretty much always guess the first block because it's always content type, colon, text HTML or text plain, something like this. Now, we can use this as a gadget here and
write our arbitrary plain text. We have a random block and then chosen plain text. Then we copy it again. We again have a random block and some chosen plain text. Then we have a random block and a chosen plain text. Then we have a random block and a chosen plain text. Then we copy here the original ciphertext, and we close this thing. And when you look
closely again, you see that we're building HTML here, right? That's a base tag. That's an image tag. It uses a URL that is not closed here. It will be closed down here, and this is effectively the URL, okay, a URL path, and will fast be exfiltrated. So when this HTML is
interpreted, the actual plain text is sent to the server. And here we have an old thunderbird, so that is a version of before May and before we did the disclosure. We first compose a message just to have some PGP ciphertext. This is a very secret message, and here we have the attack
email that is already prepared. And now it asks us, okay, here's remote content in here. What do you want to do? And we just, just for the last, just like this, we just click it. And we see always now when we select the message, an HTTP request is done to this URL.
And when we decode this, it looks pretty, it's encoded. But basically what we have here now, you see here's the secret message, and here's random junk, and here again is random junk, right? So it was successfully exfiltrated. This was the first proof of concept that we had,
right? And okay, right, so this works. This is like this dialogue here that you get in Thunderbird that asks you, should I load remote images, yes or no? This is basically everything that is keeping you from losing your PGP or S-MIME ciphertext, S-MIME. We're talking about S-MIME
here. Now, what we did next was we were asking ourselves, okay, it works with remote images. We understand this, but what other back channels do we have? Back channel is something where your email client is communicating over the network. So it's not necessarily
exfiltrating, but it's just like, how can we convince a client to make a connection to somewhere else? Now, I colored in red all the email clients that require user interaction, that always require user interaction before it does, it opens up a network connection somewhere.
In orange, we say that there's no user interaction, so these are the clients that allow, for example, loading remote images by default, okay? There's mail app, for example, there's Gmail, for example. They will not ask you, they will just load it, okay? But what we think is worse, and therefore we colored it red, are the clients that say we won't load remote images
or any other way of communicating over the network, but then they will because we found bypasses, okay? So because preventing loading remote images is basically a firewall, and we bypass this local firewall and found several ways of extracting it. And there's even four or
five of them that even allow JavaScript execution, right? In a mail client, I mean, come on, this is really weird. So basically, 40 or 47 clients have back channels that require no user interaction at all. And now we went out and tried to think about how can we exfiltrate
plaintext over it. And this is the final, the final table, the final result table for S-MIME, and it looks pretty grim, right? So the red ones means it's vulnerable, that means we could exfiltrate plaintext successfully. The ones with a dash, they don't support S-MIME, and claws and mud, they don't, we just didn't find any remote connection there, okay? Which is good,
which is good, yeah. That's a round of applause, right? So I didn't say what S in S-MIME means, it actually means super, so it's super MIME, I don't know. Is it super MIME, I don't know.
And basically his kryptonite, you know, the supervillain of super MIME is HTML here, right? You could say this. Okay, so S-MIME is broken by HTML, and it's very annoying, a very annoying kryptonite because it jumps and, you know, like it's ugly colors. Now, this is my Thunderbird that I have on my Mac at home, so this is like something that I recorded
two days ago or so, and here I want to try to show you a way of exfiltrating the data without using HTML. So HTML here is disabled, this is the message that we want to break, and here we see the same message where we just changed, using gadgeting, we just changed the URL.
So in Thunderbird, when you disable HTML, it will still highlight the links, and when you click on it, you're going to exfiltrate, you're going to exfiltrate plain text, right? So we require a little bit of user interaction, but we can basically change a S-MIME ciphertext in a way
that it will contain links, and when you click a single link, you will lose your plain text. It's just a single click on it, and the thing here is, I mean, this is not a zero day in a mail client, right? You just can't do anything about it, that's the problem. Okay, so people
said, okay, if that's just disable HTML and then you'll be fine, but the problem here is basically if it should work with any format that supports external connections. So as soon as you have a file format, for example, that supports external connections, like PDF here, right? This is a PDF, when you click on it, it will warn you and will say, do you
really want to make a connection to this domain? And if you click yes, you will do a connection there, right? And when you look at how the URL is encoded in the PDF, when you open the PDF in a hex editor, you see it's just a string, just like HTML basically, right?
So you could, if you reuse this as well, so you could change an S-MIME email that it contains a PDF attachment, and when you click the PDF attachment, it will exfiltrate. With no user interaction, it works with Microsoft Word, for example, so that's a doc file, and doc files allow
external images that will load. It has no user interaction at all, so you just open it and the request will happen. And the only problem that we're having here is it's not an ASCII URL, it's a Unicode URL. So I'm not sure whether this works with exfiltration, but hey, no user
interaction, right? And now you could say, okay, PDF, Microsoft Word, that's very bad. The same works in LibreOffice, and it's not a bug in the viewers, right? That's a basic feature that has been in these standards forever, right? So it's a thing that will be supported. It's not
a zero-day vulnerability in these viewers, it's just the file format supported, so you can abuse it. Then if you have some time, here's your challenge for you. If someone is able to make a successful demo for exfiltrating an S-MIME email using a PDF or a doc file, for example,
you will get a crate of plump matter and some efelswag if you want to. Okay, so what happened after we disclosed it? Obviously, we disclosed it to all the manufacturers and so on, and there's an S-MIME draft of a new RFC, so there's a working group,
and they already massaged the countermeasures into the current RFC draft. So for example, to counter the CBC gadget attack, they say use AES-GCM, which is not right now in the current RFC, but in a draft, it's already in. And so they're referencing the paper, and they're saying,
okay, you need to do this and do this as quickly as possible. And the second efel attack, which I'll talk about very soon, is also mitigated in this RFC draft. So, okay, so S-MIME is pretty much broken, and you can just try to convince your email client not to do any external connections, okay? That's all you have, which at least, I mean,
for a cryptographer, this means broken, okay? When you have to rely on the viewer not making any connections, the cryptography is broken. So what are the changes to OpenPGP? Because there are substantial differences to OpenPGP. So first of all, PGP uses a variation of the CFB mode. It's
not CBC mode, but CFB mode, and they have pretty similar, they're very similar. So I won't show it here if you're looking for the details, please look at the paper, but it's very similar. We can also flip bits, and we also have these chunk bits in the middle, and so on. What really
causes a lot of headaches is the plaintext compression. So that means in OpenPGP, you don't encrypt directly the plaintext, but you deflate it before you encrypt it, and that makes it very hard to guess plaintext bytes, because for our attack to work, we need to guess plaintext
bytes, and when we know plaintext, certain parts of the plaintext, but it's deflated, we have a problem. The most important thing is that OpenPGP defines a modification detection code, which is basically, this is the message here, and the modification detection code is a hash
of the message appended at the plaintext and then encrypted, which should detect plaintext modifications. Now how does the OpenPGP standard say
how to deal with broken MDCs when an MDC is not valid? Well, they say an implementation must treat an MDC failure as a security problem, but they don't say what's a security problem. What do you need to do then? And the implementation may allow the user access to the erroneous data, so the modified data may be passed on to the email clients, and basically we
try to do this, right? But before we go there, we looked at how many keys on the public key servers support MDCs at all. So MDC is a feature that came to OpenPGP in the early 2000s, and before that, it wasn't possible to use it, and so therefore, to make this,
to make the change from software that doesn't use MDC versus software that does use MDC, they encoded in the key whether you support MDCs or not, and here you see those keys that were generated in 2000, they don't support MDCs, and the green ones, they support it. But
the problem is when you accumulate all the valid keys in PGP that don't support MDCs, we still see that at the key servers right now in 2017, we have something like 1.7 million of the keys that don't support MDCs. So when I send an email to one of these people,
my implementation will not use an MDC, or, right, they, yeah, I'll come to this later. So we thought about, okay, how can we make a structured analysis how the MDC is treated with? The OpenPGP standard is not clear what to do with it, and so we have three test cases. First
of all, we try to strip the MDC, so we just use this encrypted packet here and strip off at the end. We just say, okay, it's incorrect, right, so we make our modification in the plain text and see whether it's, whether they will detect this error, or we could also do this downgrade
from the packet type that supports MDC to the old packet type that does not support MDC, right? And when we checked this, especially with the most widely used clients, we saw that Thunderbird and Enigmail and Apple Mail and GPG tools, they basically ignored the
MDC. And that was the reason why we didn't see the MDC as very important, because in our test systems it wasn't just, it wasn't just treated, okay? Now what are the EFL-related changes to OpenPGP? And we're talking about the changes that were done after, after we disclosed this to them. First of all, they make something that was,
that is very important. They say that the packet type in PGP that does not support MDC is now obsolete, so you must not use this packet type anymore. You must ignore it, which also means that when you have used non-MDC messages in your mailbox, you will not be able
to open them anymore, okay? Yeah, that's a problem. Then they also said, okay, what, what is supposed to happen when the MDC was wrong? And this is some, this is the text that we have already seen, where we said the implementation may allow the user access to the erroneous data, and they changed this in the, in the current draft to the implementation
should not allow the user to process the erroneous data, right? They must still warn the user, and so on and so on, but it should not allow the user, which is good. That's a good change. So this was, this MDC check is a bit troublesome, because it's right at the end of the,
of the, of the plain text. So you can only check the MDC when you have fully decrypted the message, which means when you have a large email or a large backup or so, you have to fully decrypt it, and afterwards, only you can tell whether it was valid or not. And GluePG,
the solution of GluePG is that it will just stream, while it decrypts, it will stream the data to, to the email client and afterwards tell it whether it's supposed to use it or not. Okay, so here's your email, here's your email, here's your email, oh no, you must not use it. Please forget it, right? Which is not fine. This is not a safe way of doing it.
So the current OpenPGP draft, before EFAIL, before we did the disclosure, already supported something that they called chunking. So they not only have an MDC, some kind of a MAC, at the end of the plain text, but they chunk it into, into more chunks, and each of these has a MAC, a real MAC, which is much better, because, right, you can authenticate chunks
and cache it before you give it to the app. The problem is that the, the problem is that the standard says that 120 megabyte is like a good chunk size, which is far too big, right, far too big. And when we look at the EFAIL-related changes to GluePG,
so for example, MDCs were, they used to be warnings, so when GluePG was detecting that an MDC is not there or it's wrong, they would just warn it, but it would still print it out. GluePG now, like, fails. It makes a hard failure now, and GluePG now always uses the MDC
independently of the key denotes that the receiver can, can, can use it or not, which is also very good, but it's a breaking change, right? So when you have people that send you PGP emails and you can't decrypt them anymore, you have to tell them that they need to update GluePG. They also say that, they say the default chunk size is 120 megabyte,
which means they still stream unauthenticated plain text, so they miss this opportunity to make this, to make this go away, which is a pity. Okay. What is not answered, neither by
S-MIME nor by PGP, how to deal with past emails. So basically all the emails that you're sending in S-MIME encrypted right now are insecure, and the old ones that don't use MDCs in PGP, they are also not secure, and nobody talks about what's, what's happened, what's supposed to happen with them, right? Okay. That was the interesting, that was the interesting attack. That was the one
that is really cryptographically involving, that required changes to the standards and so on. Now let's look at something that's a bit more silly. Okay. So we have Alice writes an email to Bob. We encrypt it and send it off to Bob. Now here we have the original email, and now Eve
composes an attack email, and it, it somehow gained access to the PGP ciphertext. It also works for S-MIME, right? It's independent. It's a vulnerability in the, in the male clients, and now we don't change the ciphertext. We just surround it with other MIME parts that are of type HTML and that are exfiltrated, the same as we did before, only that we don't
need to change the ciphertext at all, right? So basically when this is decrypted, it will be replaced with a plain text in place, and then it will be merged into one document. And now I have to tell you something that many people don't seem to know. All male clients,
except Matt, they use HTML to view emails. So even when you disable HTML, it basically means that they will use incoming HTML emails, parse them, transform them into something that looks like ASCII, and displays, display this in HTML, okay? So, right? There's no such thing
as ASCII emails with, with most of the clients. So, but here now you have one HTML document, which basically means the same, it will exfiltrate, and very easy, okay? So let's look here on this video. Here we have, we create one ciphertext. We encrypt it.
We use Apple Mail because this was one of the two vulnerable clients, and we just opened this email in order to view the PGP ciphertext, right? We look at the raw code of the ciphertext, the raw source, and we scroll down, and there we see there's the PGP message, okay?
Now, in the next, in the next minute, Eve somehow gained access to this ciphertext, and it will compose a attacker email, which is hidden in a, in a, in a, in a Python
program that we just used to, to generate an email. So this happened now in the background. You will see an, an, an email is incoming. Here we just open the access lock for, for this, and when we click on it, right at this time, it will be exfiltrated, okay? So very easy attack. Anyone can do this. You don't need to know anything about cryptography.
You only need to understand a little bit of HTML and a little bit of mine, and you can execute this. You know what's worse than this? So how about we just exfiltrate many emails with a single attack email? Because we could basically use, here we open an image, here's the ciphertext, here we close it, then we open
another image, here's the second ciphertext, then we close it, then we open a third one, and so on and so on. And what you see here on the left hand side, you see there's 100 ciphertext packed into one email that is sent to this client. I blurred this because I used 100
GPG emails that I sent, right? I didn't want to show them to you. And now this takes some time. Now it's like decrypting, decrypting, decrypting, decrypting. And when you look at the terminal on the left side, you see 100 emails getting exfiltrated, right? Automatically, simply by opening a single email. Okay, this is horrifying.
And when I say horrifying, I'm literally mean. This is horrifying. So we were like afraid, okay, when we disclose this, then people will start attacking this within the hour or so, okay?
And so we disclosed this in early 2018, end of 2017, early 2018. And in May 2018, we had already shifted the disclosure date twice, and in May we said, okay, we won't shift this anymore. And so therefore we said, okay, we go online, but we want to make a pre-announcement.
We want people to warn the people that if you use PGP or SMI for very sensitive communication, you should disable it in your email client for now. These are the original tweets that we sent.
And we said, okay, in a day, okay, when you have done this, then we will disclose everything. Okay, we will go online with a paper and everything. And now, I mean, people started talking about it, and then the GNU-PG people started tweeting, and they basically broke the embargo. So they told, okay, the attack is working like this. First you do this, and then you do that, and then you do that, and they were blabbing,
and so on. And then they sent it, which is annoying, but then they sent this. So they said, no, the GNU-PG team was not contacted by them in advance. And this really, okay, then it got really hot. Okay, this is not true. I will show you later, but, I mean, this tipped off almost anyone in the infosec community, and we got hate emails, and, yeah,
people were really mad with them. I posted, we did contact them, and this is like the, these are the original dates when I talked with Werner Koch, which is the main developer of GNU-PG, but it was too late. I mean, they recognized it. They said, oh, yeah, oh, I forgot, right, that they sent this paper here that writes e-fail with our names,
and a date, and an embargo, and so on, and so on. And they said they forgot it. Okay, but, I mean, we lost at this point. Okay, people were hating us. I was called a murderer, and so on, and so on. So it was really, really weird. If you're interested of how things worked,
right, this is an independent summary of the disclosure timeline from Thomas Tashak, which is not involved with us at all. We have never met him, but who was so kind to just compile this, just from public information that are really reliable. So, and then something happened that we, what we could foresee. People were finding, like, there were some patches,
and we told, I told you already that we saw that these patches are not sufficient, and two days later, okay, people came up with new style of attacks, new e-fail attacks, and this was Hanno who found something. So he said, I found a trivial bypass. E-fail is still
exploitable with the latest Enigmail and Thunderbird. That is three days after we did the disclosure, and he responsibly disclosed this, and so on, and so on, so everything is fine. Micaiah Lee from The Intercept also developed a proof of concept exploit that works against Apple Mail and GPG tools. Also, two or three days later, so we were right, right, so people
were finding ways to circumvent the fixes that were in there. But still, I mean, okay, media was blowing up, okay, and we didn't actually understand what was really going on there, but you have to know, I mean, PGP is like, one of the main users of PHP,
of PGP is journalists, right? So, and they basically, I mean, we showed it to them, looked, that's the attack, and they were like, what? That's how easy it is? And that's what you see in the press, I guess. So what are the lessons learned from the disclosure?
So first of all, people kept complaining, I mean, people kept complaining to us that we didn't stick to the 90-day disclosure deadline, so we had more than 200 days disclosure, and we postponed it, and so on and so on, and in the aftermath, it didn't make sense, because we were postponing it, postponing it, and there were still no reliable fixes. So we should have stuck to the 90-day
disclosure headline, because after we disclosed it, they were in a rush, they released patches and stuff like, you know, so it was, yeah. Be careful with disclosure pre-announcements. The problem here is people will speculate about the details, you know, because when you say,
okay, we'll disclose something tomorrow, but we're not going to speak today, then journalists will speak to some random people, right, that they just get their hands on, and they will just try to guess what it could be, and this means they will underrate the risk or they will overrate the risk. Underrate the risk is just disable external images, loading external images, then
you're fine, that is underrating, and overrating is like, okay, PGP is broken forever, right, and which is not the case. And they will spread this false information and you still see this out there, right, it's documented, people have issued like papers and so on and so on with wrong
information, provably wrong information, which is bad, and so these disclosure pre-announcements are bad because you're not in control of the communication anymore. That's very bad. And controlling information flow really is key after you do the disclosure, because otherwise you get the wrong story out and this doesn't help at all. Okay, let's look at the last attack,
and we call this reply to attacker, and I have to give credit to the people of QA53, which also found this bug or a similar, very similar version of this bug as well and disclosed it, but they were first to disclose it, so credit goes to them, okay. Here the attacker
scenario is I get an email from some person which makes sense, it's a benign email, okay, it doesn't look bad at all, and the person wants to trick me to answer this email. So this is the email that I get, there's some footer here and stuff like that, and now we look at,
in the video, it's an old version of mail that we use here, right, this is the email, we just, and I answer it, right, because people were asking me for an appointment, they want to meet me, and I was like yeah sure, after my talk let's just meet, and this is the attacker email that the attacker has opened, and when you look closely down here you see secret
stuff here that shouldn't be in there and that I didn't send actually. Let's look at the plain text of this email, and the source code of this email, and when you scroll down you see it's a mix of just a normal email, benign email, and down here you find a cipher
text, it can be S-MIME, it can be PGP, it doesn't really matter, and what's happening now is I get this email, this here will be decrypted from my mail client and I don't see it because
I won't scroll down, I'm a lazy person, I'm a top poster, right, now you can go boo, and so on, okay, but still I mean top posting is considered evil here because I basically, the attacker was sending me an email where cipher text was hidden in there that my email client was decrypting and I was replying to this email sending the attacker the actual plain
text that I just decrypted without knowing it, okay, that's silly, okay, come on, that's really silly, okay, what are you supposed to do now, what are the things that you should do, and the important question here is you should ask yourself, are you targeted by motivated
attackers, and a motivated attacker is not necessarily the NSA or so, right, it can be just, I don't know, cyber crime people or so, I mean we basically came up with these attacks with eight people and the better part of a year which is not, which is a lot of research actually but it's not like comparable to a nation state, right, so if you're targeted by a motivated
attacker and if you say yeah you are probably targeted by motivated attackers then avoid email in total, email is not made for security communication, okay, if you can't avoid it and there's people who can't avoid using email, they can't just use Signal or any other chat client
then definitely use OpenPGP and encrypt and decrypt outside of the mail client. If you are probably not targeted by motivated attackers, which is most of you, and I presume I would count to the same people here, definitely prefer OpenPGP over S-MIME because S-MIME remains
broken, right, there's a standard coming up which fixes most of the stuff, disable HTML for encrypted emails and this is like not that easy, note that most email clients use HTML by default and it might be okay if you fix it, the people that are here in the audience
but think of all the people who are not here in this audience, who are not technically versed and so on and so on and they will not disable HTML, right, so be careful with attachments which is also very difficult, how can you be careful with attachments, right, this is not very good
and don't top post, don't cite text in a reply, okay, that was my talk, if you want to meet us afterwards we're gonna go to the chaos west, there's a huge enlightened palm and we'll be there if you have questions you can ask us there, thank you very much.
Thanks a lot Sebastian for this interesting talk, we still have some time for questions so if you would like to ask some questions to Sebastian then please queue up behind the
microphones and please try to be concise with your question and please get close to the microphone because the mixing angel in the back is able to make it quieter but hardly much louder if your distance is not right, so let's start with microphone number two.
So this is one of the fixes that they did, I mean it doesn't help with the cryptography but it makes exaggeration a little more difficult, if you want to do the testing
try the versions from before May this year. I did with the old versions. Okay, we can talk afterwards if you want, let me show it to you. We are streaming all the talks in the internet and we have people on the internet that would like to ask a question, so please a question from the internet. Yes, so there were actually many questions in the direction of
problems with the mind standards, so like what they were asking was basically wouldn't the exploitation be prevented if the email clients would handle the standard correctly?
Okay, so I'm not sure whether they meant the MIME standards or the S-MIME standards, so basically the MIME standards are the one to blame for the direct exaltation attacks where you have multiple MIME parts that are mixed together and the MIME standards don't state explicitly
how to do this, so they don't have any rules of how to handle it and basically I think as a rule of thumb when you try to be concise and complete with implementing the MIME standard you were vulnerable and if you were just lazy and just for example decrypted the first MIME part or so you were not vulnerable, so leaving out much of the stuff made you
more secure, which is weird. Thank you for the answer. We have another question in this hall on microphone number six and please remember to be concise and get close to the microphone.
What do you see as a future replacement to PGP for email encryption? So actually we brainstorm a little because PGP lacks many of the modern properties like forward secrecy and stuff like this, but it turns out that it's not very easy to do this,
especially not when you don't want to do changes to SMTP and IMAP. So it's going to be difficult to make it more secure than PGP besides the criticism that I already brought in. So email is not a very good protocol
or the protocols that are built in email are not very good to build proper crypto on top of it. Thank you for this answer. So maybe we need to build something and tighten you from scratch. There is another question on microphone number two if I see this correctly.
So do I understand it correctly? It looks like there won't be a fix for that multi-part attacks like there's the normal plaintext, the attacker writes and then there is a ciphertext which my mail client decrypts. There won't be a fix for that. There is a fix. So the mail clients are fixed. So that's because that's a non-breaking fix. That's
a good thing here. So you can't fix S-MIME for example because it would be a breaking fix, but you could fix the email clients which was a lot of work because MIME parsers are very complex but they fixed it. So it's not supposed to work in current mail clients anymore, the direct exaltation part.
So we still have quite some time left and so I would like to have another question from the internet. Yes, so one user asks would you recommend developers to enter PGP into their email clients instead of using extensions?
Yeah, I'm not, I mean I already talked about this that not many people use PGP and also not many people use S-MIME. I'm not sure whether it, this will be increased when open PGP is built into most of the mail clients because you could use S-MIME,
you know, as soon as S-MIME is fixed it will be fine to use S-MIME and it's in already in all the clients in there but not many people use it. So it would be nice if we could have it but I'm not sure whether it would have much of an effect on the amount of people who use it.
Thank you and we have another question from microphone number seven. Yes, hello, so I work with journalists here, here, here, there in the very back, hello, hello,
so I work with journalists and Mae was very annoying and I cannot stress enough how important it is to the point you've made about communicating around disclosure. We were scrambling, I work with about 200 journalists who use PGP daily and we were scrambling for any bit of information, what should we do, it was madness. But I actually have a question,
the question is have you played with mail pile? I've read the paper, in the paper mail pile I think I remember was mentioned and I vaguely remember it was mentioned in a positive light
but I just want to make sure if that's the right thing that I should get from this paper. I don't know it on the on the top of my head but if you come afterwards to to Cowles West we'll get out the paper and look at the tests and then we can answer this question. Cool, thank you. Okay, we have another question on the microphone number six.
I'd like to know if there's any difference in the attack surface regarding open PGP, if plain PGP is used or PGP mine, for example if you set your email client to disallow
the encryption of inline PGP. Yeah that's a very good question, I mean the reply to attacker attack that I just showed at
the last, the Q53 people came up with a version that worked with inline PGP and we showed that it's also possible with with PGP MIME. So I wouldn't say, I mean most of the people use PGP MIME, inline PGP is not used anymore, the problem is when you don't decrypt PGP, inline PGP then you
have a problem when people use PGP in an external application they can't copy and paste the the ciphertext in there anymore which is also very annoying and I also told you that it's I think it's a very good idea to do this outside of the mail client if you're in a if you face
motivated attackers. So it's not that easy, it would be a breaking change that wouldn't maybe not be too good. Okay thanks. Okay thanks a lot for this answer, I think we are done with all the questions from the hall. If you like to continue the discussion with Sebastian Schinzel
you may move yourself to the assembly of chaos vest in the next hall in this direction and now please give a big round of applause for Sebastian Schinzel and the awesome team behind.