PreVeil is not vulnerable to EFail attacks

Recent news articles have highlighted vulnerabilities in the common email encryption standards OpenPGP and S/MIME. These vulnerabilities in some cases enable attackers to access the content of encrypted emails. PreVeil users are not susceptible to these attacks.

 

What are OpenPGP and S/MIME?

 
OpenPGP and S/MIME are open standards that have been used for decades by the security community to support email encryption. OpenPGP describes an end-to-end encryption standard, or a method for information to be encrypted in a manner that only authorized recipients can decrypt. S/MIME describes how emails and their components can be encrypted using encryption processes such as those described by OpenPGP. Both are standards that must be implemented rigorously by any software applications intending on sending encrypted messages to other users of the same standard.
 

What are the vulnerabilities and how do they work?

 
These vulnerabilities rely on an attacker already having access to the target’s encrypted emails and being able to edit the emails without being detected. As described here there are two different ways that the vulnerabilities can be exploited.
 
The first method of attack targets the email application used to read encrypted messages, such as Apple Mail, Mozilla Thunderbird, etc. To perform this exploit, an attacker sends to the victim a new email which contains the targeted encrypted email message along with some new code which is not encrypted. When the victim opens the email, their email application executes the attacker’s newly added code, which then sends the decrypted email to the attacker.
 
While it may seem questionable for email applications to execute code contained in email, this type of behavior is exactly what allows remote images and other content to be seamlessly loaded into emails when they open and often is the preferred user experience.
 
Exfiltration
 
The second method of attack also involves modifying existing encrypted emails and leveraging email clients’ ability to execute code. The difference is that rather than adding non-encrypted code to an email, this time an attacker injects code into the encrypted section of an email. The end result is that an attacker is able to add, within the encrypted message, information to perform the same type of exfiltration attack. This attack is noteworthy because the content of the encrypted message itself is being modified and detecting this type of modification has long been possible.
 

Why do the vulnerabilities exist?

 
In both cases an attacker is able to, without being detected, inject special code that is then executed by the recipient when the email is read. This is possible because the OpenPGP and S/MIME standards don’t require client implementations to check that messages have not been tampered. Some implementations of OpenPGP implement Modification Detection Code (MDC) logic which blocks the exploits discussed. MDC code can detect the attacker’s modifications and prevents the email from decrypting and executing code.
 
Unfortunately, as described by Matt Green, MDC is not mandatory because requiring it would change the standard that has already been implemented by dozens of email applications. If some clients but not others are updated to support MDC, there will no longer be a universal standard and communication between clients would no longer be guaranteed. In a way, the fact that these standards have been around for decades is precisely what makes it difficult to implement wide-scale changes to how they work.
 

How is PreVeil protected from these attacks?

 
PreVeil uses the well-proven, open-source NaCl cryptography library instead of OpenPGP or S/MIME when performing encryption. With PreVeil, any HTML or other code that is sent along with an email is encrypted along with the text of the email so an attacker cannot inject extra code or multimedia content into a message.
 
PreVeil also implements digital signatures to verify the integrity of each message before decrypting it, meaning that if any PreVeil message is modified, PreVeil can detect the change and stop the email, therefore making it impossible for injected code to be run when a PreVeil message is opened. Since the PreVeil system is currently accessible only by first party applications, PreVeil is able to guarantee that the applications are thoroughly and properly secured and can rapidly make changes while ensuring that all PreVeil users can communicate.
 
Digital signing is a well know cryptographic technique that allows PreVeil to detect when information is tampered. In simple terms, signatures prove that a user has sent a message by “signing” a shortened version of the message called the hash. The act of signing a message requires a user’s private key which is not accessible to an attacker.
 
When a PreVeil message is received, before displaying the content to the user, the message is decrypted and a hash is calculated. If that hash is the same as the hash in the signature, the message is allowed to be displayed to the user.
 
PreVeil message paradigm
 
If an attacker tampers with a message, the message hash will change and PreVeil will detect that the message hash is different than the signature hash. In such cases, the message is immediately discarded. An attacker will not be able to create fake signatures or send emails as Alice because the attacker does not have the private key required to “sign” messages as Alice.
 
PreVeil stops message tampering
 

End-to-end encryption still provides effective data security

 
While these attacks demonstrate that standards themselves are not enough to guarantee security, well-implemented end-to-end encryption is still a powerful method to secure corporate and personal data. Those who are employing existing OpenPGP or S/MIME for personal or corporate use should verify that their applications are up-to-date and identify, discard, or at least warn users if tampered messages are detected.
 
If you’re already a PreVeil user, you’re safe. PreVeil’s specific use of end-to-end encryption techniques and digital signatures protects you against these attacks. If you don’t yet have PreVeil, check it out for free and start using end-to-end encryption for your emails and files. PreVeil was designed with the ground up to be the easiest-to-use encryption product both for personal and business users and to seamlessly integrate into current enterprise workflows.
 
Learn more about us at www.preveil.com or reach out to us at [email protected].