Critical PGP and S/MIME bugs can reveal encrypted emails—uninstall now [Updated]

The Internet’s two most widely used methods for encrypting email—PGP and S/MIME—are vulnerable to hacks that can reveal the plaintext of encrypted messages, a researcher warned late Sunday night. He went on to say there are no reliable fixes and to advise anyone who uses either encryption standard for sensitive communications to remove them immediately from email clients.

The flaws “might reveal the plaintext of encrypted emails, including encrypted emails you sent in the past,” Sebastian Schinzel, a professor of computer security at Münster University of Applied Sciences, wrote on Twitter. “There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now.”

There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now. Also read @EFF’s blog post on this issue: https://t.co/zJh2YHhE5q #efail 2/4

— Sebastian Schinzel (@seecurity) May 14, 2018

Schinzel referred people this blog post published late Sunday night by the Electronic Frontier Foundation. It said: “EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.”

The post continued:

Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.

Both Schinzel and the EFF blog post referred those affected to EFF instructions for disabling plugins in Thunderbird, macOS Mail, and Outlook. The instructions say only to "disable PGP integration in e-mail clients." Interestingly, there's no advice to remove PGP apps such as Gpg4win or GNU Privacy Guard. Once the plugin tools are removed from Thunderbird, Mail, or Outlook, the EFF post said, "your emails will not be automatically decrypted." On Twitter, EFF officials went on to say: "do not decrypt encrypted PGP messages that you receive using your email client."

Little is publicly known about the flaws at the moment. Both Schinzel and the EFF blog post said they will be disclosed late Monday night California time in a paper written by a team of European security researchers. Schinzel’s Twitter messages used the hashtag #efail, a possible indication of the name the researchers have given to their exploit.

The research team members have been behind a variety of other important cryptographic attacks, including one from 2016 called Drown, which decrypted communications protected by the transport layer security protocol. Other researchers behind the PGP and S/MIME research include Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Simon Friedberger, juraj somorovsky, and Jörg Schwenk. Besides Münster University, the researchers also represent Ruhr-University and KU Leuven University.

Given the track record of the researchers and the confirmation from EFF, it's worth heeding the advice to disable PGP and S/MIME in email clients while waiting for more details to be released Monday night. Ars will publish many more details when they are publicly available.

Update: the paper detailing the "EFAIL" vulnerability was released early and is now available. We will be analyzing it this morning.