PGP Encrypted Emails At Risk From ‘eFail’ Attacks

Unpatched bugs could allow attackers to decode PGP-encrypted emails – even those that are years old

German researchers have warned those using a popular form of email encryption that serious flaws mean their messages could be decoded by attackers.

The two attacks, details of which were published on Monday in a research paper, affect PGP, the most popular technology for sending encrypted emails. There’s currently no fix, researchers said.

Sebastian Schinzel, lead of the IT security lab at the Münster University of Applied Sciences, said the paper would be published ahead of a scheduled date later this week after the embargo was broken. The paper credits eight German researchers, including Schninzel, with the Munster University of Applied Sciences, Ruhr University Bochum and KU Leuven.

The Suddeutsche Zeitung newspaper published details of the exploits on Monday morning.


In a website devoted to the issues, which the researchers called eFail, they said the attacks exploit problems with the OpenPGP and S/MIME standards and can expose the plaintext of encrypted emails.

More particularly, the attacks use specially crafted HTML emails that exploit bugs in the way PGP is implemented in some email programs.

“In a nutshell, eFail abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs,” they wrote.

The attacker needs to first access encrypted emails, which could have been collected years ago. Then the emails are changed in a particular way and sent to a victim.

“The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.”

No patches available

The way the attacks function means that users can protect themselves by switching off HTML in their email clients or by using an external program, rather than an email client plugin, to decrypt messages, the researchers said.

In the longer term they said patches for email client plugins and changes to OpenPGP and S/MIME could prevent any problems.

The Electronic Frontier Foundation (EFF) had earlier warned users that the attacks posed “an immediate risk”.

“Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email,” the organisation wrote.

Werner Koch of GNUPrivacyGuard (GnuPG), an open source PGP privacy suite, said the EFF’s warning was “overblown” and said he hadn’t been contacted. He recommended switching off HTML emails or using authenticated encryption.

Other methods of sending encrypted messages, such as Signal, Apple’s iMessage and Threema have recently become more widely used, creating alternatives to PGP for those in need of secure communications.

Do you know all about security? Try our quiz!