Waking up to news of serious vulnerabilities is never fun, much less so when those issues reside within a critical product used to protect sensitive information in potentially dangerous situations. While the idea of encrypting electronic communications using GPG has been a matter of some debate for a while – with many users claiming its relative difficulty and clunky implementation makes it difficult for casual users to use – its importance in the world of journalism and situations in which privacy is essential is undisputed. It’s therefore distressing when the EFF themselves release a post saying that there is a potentially serious flaw in the system.
At the moment, information on this flaw is scarce, so as always it’s best to wait until the paper is published (which EFF says will be done at 07:00 UTC on May 15th). However, there are some things we can clear up from the start.
Firstly, it does not look like this is a flaw with PGP itself, but rather with implementations of GPG used in email programs such as Enigmail. Both GPG and PGP remain cryptographically sound from what is being said by security experts, so there’s no need to worry that the sky is falling down. The official GPG Twitter account tweeted the following message:
They figured out mail clients which don’t properly check for decryption errors and also follow links in HTML mails. So the vulnerability is in the mail clients and not in the protocols. In fact OpenPGP is immune if used correctly while S/MIME has no deployed mitigation.
— GNU Privacy Guard (@gnupg) May 14, 2018
But as always, it is best to wait for the whitepaper to be released.
Secondly, it’s getting rather irksome that researchers are announcing these vulnerabilities without actually giving the public enough information to work with. EFF, TheHackerNews, and the researchers who broke the story are sending people into a panic with a seemingly hyperbolic description of the issue. Details will be released tomorrow, they say, so why not wait until tomorrow to break the story? Sure, they tell people to stop using email plugins for GPG and switch to Signal, but if this thread on the GPG mailing list is to be believed, there really is no need to do so if users stop using HTML emails or follow precautions such as using authenticated encryption and a MIME parser. This sort of information is much better than telling everybody to cease using the product because everything they’ve ever done with it is fundamentally broken.
Let’s face it: PGP email sucks. From the information available today, it looks as though the issues are mostly being caused by insane defaults in email plugins, or by a user’s misuse of the system (for which there should be no room by design). As I say at the beginning of this post, there are still vestigial strongholds of PGP emails in some industries, but if this whole debacle is any indication of how things are going with it, clearly these systems are too difficult for the average user to use properly.
CSO Online is keeping up-to-date with the issue on their blog, and have given a far better breakdown of the issue than I can. At this point, all we can do is wait for tomorrow and see what the responsible parties have to say on the matter. I would say, however, that this disclosure has been handled atrociously. There has already been far too much panic over something which has an unknown impact, and perhaps has already been mitigated in some circumstances. The researchers seem keen to keep the matter under wraps until the release of the whitepaper, so it will be interesting to see what has been missed out come tomorrow.
The whitepaper and further details have now been published. As we all know, it’s not a vulnerability until it has a website a cute logo.
Security researcher Matthew Green has started a thread on Twitter detailling some of his thoughts on the attack. It’s very much worth a read and he does an excellent job of breaking down the vulnerability into layman’s terms. Essentially, it looks as though the vulnerability allows attackers to modify encrypted email and add malicious HTML code to it, which is then executed on the receiver’s computer, allowing the text of the email to be sent to remote servers. This is quite a glaring problem, and seems to be on the part of the email plugins not detecting the attack and failing to act on it rather than the protocol itself being broken.
The thread goes on to elaborate that PGP is less an issue here than S/MIME, a more widely used protocol which is also vulnerable to attack. This should really have been the meat of the story, as PGP is largely used by a small subset of people while S/MIME is trusted in a lot of critical environments.
This whole (dreadfully handled) debacle needs to be taken as a wake-up call to the fact that email is an inherently insecure and outdated technology. People scoff when told to use E2EE messengers, but the fact remains that these apps are made for the modern world and are not stuck in the past in the same way as email is. GPG email is an incredibly old idea that has been shoehorned in to desktop mail programs (which themselves have questionable security when compared to their web counterparts), and is one that really needs to be addressed. Email is more important today than perhaps ever before: it’s your digital home address, your online home. There needs to be a conversation about increasing security without trying to use overly complex systems such as PGP. And no, making a Tutanota-styled encrypted message for Gmail is not a solution.
Until the least technically competent among us can use encryption fluently and without frustration, there will be no security at all. Signal and iMessage have both managed to address this problem expertly, providing strong encryption without letting the user see any of the underlying complexity. We have to remember that the average user of technology is stupid, and that it is on developers and technology experts to make sure they are protected without having to jump through ridiculous hoops.