Efail Attacks


Efail is the latest vulnerability, announced on the 15th of May 2018. It targets emails encrypted with the PGP and S/MIME protocols: the attacker gets them decrypted and gains full access to the message content, including all of your company's sensitive details.
Efail attacks work not only on a message intercepted while it is being transferred but also on your existing history of messages.

Unfortunately, no fix for efail has been announced so far, so the recommendation for preventing this attack is to stop using PGP and S/MIME encryption tools and switch to an alternative end-to-end encryption tool.

The Electronic Frontier Foundation (the leading organization defending civil liberties in the digital world) confirmed this vulnerability and advised users to immediately stop using PGP encryption tools, delete any related components, and not open any old messages encrypted with PGP.

The investigations so far have shown that the problem is not with the PGP encryption protocol itself but resides in the email client: an affected client starts an unauthorized transfer of your email content, which is called data exfiltration. As a workaround, you can decrypt your encrypted emails in a separate application outside of your email client.

How do efail attacks work?

Well, let me explain this in the simplest way. The attacker gains access to your PGP or S/MIME encrypted message, either over the network before you receive it or as an email that you already have, and injects it with code that makes the email client (after automatically decrypting the received email) transfer all the data in the message to the attacker.
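
The transfer described above happens when the client renders the decrypted message as HTML and fetches the remote content it references. The Python check below is an added example, not code from the original post: it lists every automatic remote fetch in a message's HTML parts so that such a message can be held back from rendering. The names `remote_refs` and `safe_to_render` and the sample message are constructed for illustration, and the attribute list covers common cases only.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes a renderer fetches without any user action (common ones only).
FETCH_ATTRS = {"src", "background", "poster", "data"}

class RemoteRefFinder(HTMLParser):
    """Collects (tag, attribute, host) for each automatic remote fetch."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # <a href> needs a click; <link href> is fetched on render.
            auto = name in FETCH_ATTRS or (tag == "link" and name == "href")
            if not auto or not value:
                continue
            url = urlparse(value.strip())
            # Absolute http(s) URLs and protocol-relative //host/ URLs leave the machine.
            if url.netloc and url.scheme in ("", "http", "https"):
                self.refs.append((tag, name, url.netloc))

def remote_refs(raw_message: str):
    """Return every automatic remote fetch found in the text/html parts."""
    msg = message_from_string(raw_message, policy=default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            finder.close()
            found.extend(finder.refs)
    return found

def safe_to_render(raw_message: str) -> bool:
    """True only if displaying the message triggers no remote request."""
    return not remote_refs(raw_message)

# Constructed sample of an already-decrypted message (not a real capture).
SAMPLE = (
    "From: alice@example.com\nTo: bob@example.com\nSubject: constructed sample\n"
    'MIME-Version: 1.0\nContent-Type: text/html; charset="utf-8"\n\n'
    "<html><body><p>Quarterly numbers attached.</p>\n"
    '<img src="http://tracker.example.invalid/pixel.png">\n'
    '<a href="https://example.com/report">report</a></body></html>\n'
)

if __name__ == "__main__":
    print(remote_refs(SAMPLE), safe_to_render(SAMPLE))
```

A mail gateway or client plugin could run the same check after decryption and fall back to a plain-text view whenever `safe_to_render` returns `False`.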