Skimmed through the GPG & S/MIME paper. Some good theory w/decent outlined attack scenarios. Currently involves a lot of work by the attacker, including getting the target to open and decrypt new malicious emails.

Not terribly worried about it. It’s low risk for both my personal and my client’s Threat Scenario. But still cool!

Side issue: I’m going to have to explain this to my C-Lvl... when did I get co-opted by blue team?! This is what I get for pushing purple team all these years.

So after a couple meetings and going through more of the links, including the GPG response, etc.

My thoughts on the vuln:

1) The core requirement is that an attacker needs to get ahold of an encrypted email first. This is axiomatic. This is the thing that they need to decrypt.

The attacker can do either by:
a) Sniffing the encrypted email in transit
b) Stealing the encrypted email at rest.

For an attacker to sniff an encrypted email in transit (a), the attacker can get it either:
i) In a targeted Man-in-the-Middle attack
ii) As a systemic attacker (e.g. NSA, GCHQ, Compromised ISP, etc)

A couple things make this difficult:
- Many encrypted emails using S/MIME are sent within a corporate enterprise and never leave the perimeter. (You'd have to breach the corporate perimeter)
- Emails are often protected via TLS in transit. (either need to break TLS or attack the endpoint)

For an attacker to steal encrypted email at rest (b), they need to breach a datastore of email archives. Maybe a company's Exchange server, for example.

If an attacker has access to an Exchange server, they probably have access to other things, including the Domain Controller and individual workstations (after dumping NTDS or with Domain Admin creds, for example)

As such, is not a very good attack for a person targeting corporate emails.
- Much of the encrypted email is internal.
- If an attacker has access to internal data stores, they probably have access to the cleartext emails from the employee's own endpoint of client anyways.

As such, the real Attack Scenario here is a Nation State attempting to decrypt old emails it sniffed in transit at the systemic level.

If they were able to get access to an end point of someone in a shared key thread, they probably can decrypt it with the stored private key on the endpoint, etc.

A nation state actor could feasibly break TLS or sniff traffic at the email provider, etc.

Their target would be activists, journalists, or military / other nation states.

With all this in mind, from a Corporate Standpoint the risk is minimal. There are other more prevalent, less esoteric attacks that will get an attacker access to clear text emails than .

From a privacy standpoint of folks who may be targeted by systemic attackers, there is an issue. The risk is minimized in that it is still a targeted attack (they have to send an email to *you* with an old encrypted message buried in it).


So this boils down to, don't worry unless you're a *target* (not mass surveillance, but a targeted attack) of a nation state.

If that's the case, make sure your OpSec is good. Plan to fail. Fail gracefully. Don't use PGP in the mail client. Copy and paste the message into a separate app.

And good luck. Because fuck being a target of a Nation State.


When you are a target... it always comes back to #opsec .

@tinker Also using a text-only MUA like mutt or neomutt fully mitigates #efail. It's still safe to use the built-in PGP support in mutt/neomutt.

@lattera Recent Mutt user. It is great. Use it on a virtual server, mind you, so I'm not using PGP.

@tinker my goal is to never be the target of a Nation State. Or even a failed State. Or State-like entity. Or highly organized group of chipmunks.

@tinker last attempt was a couple of days ago (phishing by usurping the email of journalist/activist friend of mine). The attempt was kinda stupid though 😂

@crowd42 - You get those. Some govt shops run a half and half w/ 1) Tool Makers 2) Ops. The idea is the tool guys are real smart and should make tools so that anyone can use them. The Ops guys are then trained in how to use the tool. Some never quite understand how the tool does its thing and dont really learn much beyond point and click. See this a lot in phishing. No time for skill or finesse, just send the malware.

@tinker Morocco was (i?,) a client of hacking team, Amesys... and I know at least 6 journalists that been targeted :/

@tinker I think thegruk said it: Paranoia does not work backwards.

So unless you are absolutely sure you are not a target of a nation state anytime in the forseeable future...

@ckeen - Yeah but that’s a hard stance to maintain, both pragmatically and emotionally.

@tinker No, it boils down to not load as HTML the unknown.
Load as plain text or use properly coded client (that removes invalid HTML)

@tinker I think that absolutely is the context to see the EFF statement in: They do support a clientele that fits into the "endangered by nation state attackers or large criminal organizations" category (one of the SANS blogs occasionally had glimpses into the kind of attacks on email communications being used in that sphere).
For those people, sending a "if you rely on PGP encrypted mail for vital interests, stop opening mails NOW" warning is a valid reaction.

@tinker ...which unfortunately has been processed as "don't use email encryption, it's broken" by the general public.

@galaxis @tinker that's completely valid, but if you see the news they've generated, you'll see it's turned into an (admittedly niche) misinformation campaign by proxy. And it is, I think, their responsibility because of their focus on PGP instead of the real cause of the problem.

(The paper is obviously to blame as well, but we need to hold the EFF to a higher standard on this subject matter than most of the orgs running the story.)

Yeah, but from "dont open emails for some days" to completly uninstall pgp plugins" goes some distance. And a bit more precise information would have helped with people not panicking.

Hope this is a lessn learn about hiw to deal with such disclousures in the future

Really good thread here about #efail, mercifully free of breathless hot takes.

↑↑ /

Thank you, @tinker .

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.