Skimmed through the GPG & S/MIME paper. Some good theory w/decent outlined attack scenarios. Currently involves a lot of work by the attacker, including getting the target to open and decrypt new malicious emails.
Not terribly worried about it. It’s low risk for both my personal and my client’s Threat Scenario. But still cool!
Side issue: I’m going to have to explain this to my C-Lvl... when did I get co-opted by blue team?! This is what I get for pushing purple team all these years.
So after a couple meetings and going through more of the links, including the GPG response, etc.
My thoughts on the #efail vuln:
1) The core requirement is that an attacker needs to get ahold of an encrypted email first. This is axiomatic. This is the thing that they need to decrypt.
The attacker can do either by:
a) Sniffing the encrypted email in transit
b) Stealing the encrypted email at rest.
For an attacker to sniff an encrypted email in transit (a), the attacker can get it either:
i) In a targeted Man-in-the-Middle attack
ii) As a systemic attacker (e.g. NSA, GCHQ, Compromised ISP, etc)
A couple things make this difficult:
- Many encrypted emails using S/MIME are sent within a corporate enterprise and never leave the perimeter. (You'd have to breach the corporate perimeter)
- Emails are often protected via TLS in transit. (either need to break TLS or attack the endpoint)
For an attacker to steal encrypted email at rest (b), they need to breach a datastore of email archives. Maybe a company's Exchange server, for example.
If an attacker has access to an Exchange server, they probably have access to other things, including the Domain Controller and individual workstations (after dumping NTDS or with Domain Admin creds, for example)
As such, the real Attack Scenario here is a Nation State attempting to decrypt old emails it sniffed in transit at the systemic level.
If they were able to get access to an end point of someone in a shared key thread, they probably can decrypt it with the stored private key on the endpoint, etc.
A nation state actor could feasibly break TLS or sniff traffic at the email provider, etc.
Their target would be activists, journalists, or military / other nation states.
So this boils down to, don't worry unless you're a *target* (not mass surveillance, but a targeted attack) of a nation state.
If that's the case, make sure your OpSec is good. Plan to fail. Fail gracefully. Don't use PGP in the mail client. Copy and paste the message into a separate app.
And good luck. Because fuck being a target of a Nation State.
@crowd42 - You get those. Some govt shops run a half and half w/ 1) Tool Makers 2) Ops. The idea is the tool guys are real smart and should make tools so that anyone can use them. The Ops guys are then trained in how to use the tool. Some never quite understand how the tool does its thing and dont really learn much beyond point and click. See this a lot in phishing. No time for skill or finesse, just send the malware.
@tinker I think that absolutely is the context to see the EFF statement in: They do support a clientele that fits into the "endangered by nation state attackers or large criminal organizations" category (one of the SANS blogs occasionally had glimpses into the kind of attacks on email communications being used in that sphere).
For those people, sending a "if you rely on PGP encrypted mail for vital interests, stop opening mails NOW" warning is a valid reaction.
@galaxis @tinker that's completely valid, but if you see the news they've generated, you'll see it's turned into an (admittedly niche) misinformation campaign by proxy. And it is, I think, their responsibility because of their focus on PGP instead of the real cause of the problem.
(The paper is obviously to blame as well, but we need to hold the EFF to a higher standard on this subject matter than most of the orgs running the story.)
Really good thread here about #efail, mercifully free of breathless hot takes.
Thank you, @tinker .