35C3 preroll music Herald: The following talk is about email encryption. Who worries that their email encryption might be capable of being hacked or cracked? Worry not as far as I'm told it still is rather secure. But. And the but will be answered by Sebastian Schinzel who is one of the eight security researchers who uncovered the drama and the details behind e-fail. A recently occurred issue with OpenPGP and S/MIME in a lot of email clients. All the technical details he will dig into so please give a warm hand of applause for Sebastian Schinzel. applause Sebastian: So it's good to be back. Thank you everyone for coming. My name is Sebastian. It's my fourth talk here at the CCC. And the other talks that I did were also on encryption so I somehow like encryption and I like analyzing encryption and I like to break encryption. So I did a talk on TLS where we found an attack against TLS and against XML encryption for example. And I usually start my talk by asking Who's using this this specific technology, right? Because when you when you usually when you're analyzing or doing a talk about a communication protocol you ask the people who's using that and you know for e-mail it would be silly, right? Because, who's using e-mail. Every one of you is using e-mail. OK. Because I don't know. I mean when you started using the Internet like in the last 20 years or so usually the first thing that you do you dial in onto the Internet and you make yourself an e-mail address, right? So everyone has everyone uses e-mail. But let's take a look at how things work when when you send an email. So when you click in your email client when you when you compose an email and you click into your email client "Send". So the first thing is on one of your devices you're using the local network and there's a green arrow because it's under your control. So you can define by yourself how secure this link is gonna be. Then you use the next connection and the next connection will be to your SMTP server. And this is also a green arrow because it's under your control. Okay. You can control this and usually it's TLS. The same as valid for your IMAP folder because always when you send an email via SMTP you will upload a copy to your "sent" folder on IMAP and it uses TLS in most of the cases so therefore the arrow is green. The arrow is not that green anymore when it comes to the backup strategy for example an archiving strategy of your email provider which may be gmail or gmx for example or your company. OK. But you may have a chance to know the administrators and ask him whether they are doing a good job and stuff like that. You're also - it's not under your control where else your email is uploaded to. So for example in order to check it for antivirus or anti spam and stuff like that, right? So it gets uploaded to some cloud, right? Because you want to do a spam filtering and then it goes out to the Internet and you know we learned what's happening on the Internet. People are listening in on the Internet and we heard from Edward Snowden for example that many nation state actors and agencies are doing this as well they are listening into your e-mails or they at least try to. And then the arrows get red as soon as it hits the SMTP server of the receiver. Right. Because you don't really know whether they are using TLS, encryption in any case. You don't know whether they upload it to another antivirus vendor or so and then it gets uploaded to the IMAP folder to the inbox of the receiver where it gets archived again, right? There is a backup is being done and stuff like that, it's archived. And then finally the receiver of the e-mail has the ability to check his own email and retrieve the e-mail from his inbox. OK. So even if you know that the other person that you've just sent the e-mail to does a good job in securing it and uses encryption everywhere and so on and so on. You never know whether there's some attacker or so who has compromised the infrastructure and so on and so on. OK. And this problem multiplies. When you send an e-mail to multiple people because then all of a sudden the e-mail that you just sent, your e-mail, hits infrastructures of many other people. OK? So many people have access to this e-mail and this is the first thing that I want to - this is the first point that I want to make in this talk. People usually talk about their e-mail. It's my e-mail, you know? And when I run my own mail server it's going to be secure but this is not the case. I mean the the point of using e-mail is distributing it to your friends to your colleagues and so on and so on because we want to exchange. It's a communication method but the communication is archived so people archive this and so on and so on. So it's it's a mess basically. OK. So for the rest of this talk we need to have some assumption that someone has access to the e-mails. OK. Because right. We just learned that it's distributed. You're archiving your own e-mails in your IMAP folder and so on and so on I have the e-mails of the last 15 years or so in my in my IMAP folder and if someone gets access to it - right - boom. I have a problem. Okay. And in order to cope with this people came up with end-to-end encryption. And there's two competing standards out there. The first one is OpenPGP. It was first defined in 1991 from Phil Zimmermann invited it. And this was like this happened in the first crypto wars. So this is a very interesting story. And it's the most widely used e-mail clients they they support OpenPGP but only when you when you download the plug-in, OK? For S/MIME you usually have native support in most of the applications so you just get an S/MIME certificate and off you go. You can just use it and it just works out of the box but it's mostly used by corporate organizations and military for example right. Not so much by privacy advocates like OpenPGP. Now we can't measure very well how many people use S/MIME. We tried but there doesn't seem to be a public source where we can measure this but we can do it on PGP because PGP has key servers and you can upload your key there so that people can communicate with you in a secure manner. And this statistic here is the amount of new published public keys per month. And it started off very low in 1997. Then in 2003 we saw a constant rise until 2013 where we see a a spike here where it more than doubled. Does anyone know why we saw this spike in 2013? Someone in the audience: Snowden! Sebastian: Snowden right. Edward Snowden we had the Snowden revelations and Edward Snowden uses PGP to communicate with the journalists who did the actual, like, disclosure of the documents. And so we see this in the uploader keys so people use PGP much more. We also see this in the amount of daily users of Enigmail which is the plugin for Thunderbird. And you can extract this information and there we also see around 2013 we see a jump and it increased by 50 percent or so something like this. So people use PGP, right? It's not that many when you compare it to how many people use e-mail a few hundred thousand is not that much but still it's a substantial number. The problem here is we know for a fact that in the last 20 years or so especially non-technical users are not able to use PGP in a secure manner. Okay. So we have the first paper from '99: "Why Johnny Can't encrypt" and then we have a follow up paper from 2006: "Why Johnny still can't encrypt", OK? So OK. Must've been better I hope and then in 2015 we have "why Johnny Still, Still can't encrypt". OK? so we have a long story where people try to use PGP but failed, OK? And this is not something that is inherent in an OpenPGP. We have the same papers for S/MIME where they said novice users - and where they confronted novice users with with S/MIME and they failed, basically. They weren't able to use it in a secure manner. Okay. So therefore in order to enable people to use PGP, especially PGP and S/MIME in a secure manner you have many tutorials out there. And this is a very interesting tutorial because it's the original video that Edward Snowden recorded in order to teach Glenn Greenwald how to use openPGP. It's still on Vimeo. The original video is still there. And what is interesting there is he doesn't recommend a plugin for an email client. He basically says just use web mail and use this PGP standalone application type your message there click encrypt and copy and paste the ciphertext into your web mail, OK? So there's no integration and others recommend for example Enigmail or GPGtools. Enigmail is the plugin for Thunderbird and GPGtools is the plug in for Apple mail, which means that most of them had HTML switched on which is an interesting fact. OK. For something that we are going to talk about later. So I thought about how can I do this talk. And this is how I came up with the agenda. So we start off with some attacks that are very I find pretty interesting. At least for an academic they are pretty interesting, and we slowly degrade to pretty silly attacks and you decide for yourself whether you would fall for it or not. I came to the conclusion that I would probably fall for them. OK, I lied. So we start off with something that is even worse than silly. So what is it what's the worst thing that can happen when you're sending an encrypted mail. Audience: You send your private key. Sebastian: if you send your private key there would be bad. What's even worse? Audience: You forget to encrypt. Sebastian: you send a plain text. Okay okay. So in 2014 there was a bug in Enigmail which is documented in their bug tracker. So basically you compose an e-mail you tell Enigmail to sign and encrypt it, and then you send it and it will be sent in plain text. Okay. Oh okay. This is not good. In 2017 Outlook did it much better because they did encrypt it but they packed the plain text along with the ciphertext. (Audience: laughing) Okay. Bad. And then in 2018 you may remember this is just a few months back or so Enigmail or pretty easy privacy. It's a plugin to Enigmail, so a plugin to a plugin that's actually used for novice users. It gave the feedback that the email that you're composing will be encrypted but it wasn't. Okay. And the good news here is: the e-mail attacks don't apply here because, OK, I mean, it's about I don't want to make fun of any developers. The point that I'm trying to make here is that email is a plaintext protocol and it's always very difficult to make a protocol that was made for plain text delivery - to make this encrypted. When you have a plaintext fallback you're into trouble. Okay. And we we saw the same basically with HTTP and HTTPS. OK. So HTTPS is like now secure but they hit the same issues right and browsers and so they were falling back to HTTP and so on and so on. So it's really really difficult. Now that we have this out of the way. Okay. We tried to look at the interesting interesting box and before we start I want to make a short introduction into how the cryptography in S/MIME and PGP work. And I just make one introduction because both are the same from the viewpoint of the attacks that I'm going to present. Okay. Both are very similar actually. So we start off by writing a message, m, this is here we generate a session key, s, that that's basically a random session key and we use this session key to encrypt the message and make a cipher text, c, and we use AES or triple DES for example any symmetric cipher will do here. Then we use this session key that we just generated and encrypt this with a public key of the recipient and we get a K and we pack this K into the message so everything will be packed into a message and sent off to the receiver. The receiver then obtains the encrypted email he starts extracting the ciphertext K and the ciphertext C. From K he decrypts s which is the session key, right? And with s he can decrypt the ciphertext C and retrieves m. And so both have the same message. Okay. So it's basically a hybrid encryption you use symmetric encryption for the actual encryption off the message and then asymmetric encryption to just encrypt this session key. Now, if you attended my previous talks I talk a lot about ciphertext malleability. So you make tiny changes to a cipher text and it will lead to predictable changes in the plaintext which is strange, right? So we would assume when we just flip a bit here somewhere, okay? Here's a bit that just flipped and where we decrypted we get something like this. Usually you would think OK. It's total garbage. Nothing sensible should come out of this but we see something like this. Most of the message is still intact. We just have a few randomly looking junk binary stuff in there and we see one changed character here. That used to be "email" and now it's "efail". Okay so there was just some bit flipping happening here. In order to understand this we need to introduce something that we called a mode of operation. AES or any other block cipher has the property that it uses blocks. In most cases it's 16 bytes. And when you want to encrypt more than 16 bytes you need to call AES multiple times and you split it into blocks and CBC is one way of connecting these ciphertext blocks so the decryption works like this. You have the first ciphertext block the second ciphertext block and the third ciphertext block. Only the second one is decrypted so C1 is decrypted using AES and your key for example. And the result here is not directly the plaintext but it will be XORed with C0 which will we would also call an initialization vector. Okay so whatever is written in here will be XORed on whatever comes out of this description and we get this plaintext here. Now when we flip a bit or when we change a certain byte in C0 we change whatever comes out here of the decryption and we will flip the same bit at the same position in the plaintext which is interesting because now when we say we use the original c0 and XOR it with p0. So when we XOR it when we XOR two times the same value we get basically a block of all zeros which is like a blank sheet of paper that we can write on and we call this thing - these two blocks here in combination - we call this a CBC gadget because we can reuse it as as much as we want. And when we now take a chosen ciphertext the nice thing is here we just XOR it - the chosen ciphertext on this initialization vector and it means that it will here result in a chosen ciphertext. So this requires that we know the value of p0. We need to guess this value of p0. And this is always true at least for S/MIME because all S/MIME emails start with a content type so we always know the first bytes. So this is valid. We can do this now. This was like the perfect scenario. It does have some drawbacks because when we tried to do the same for C1 we switch, we flip, a bit here then we flip a bit also here. But the decryption of C1 results in this random junk and we can't do anything about it. We don't know whatever will come out here and we can't control it. Okay we just have to deal with it. It's gonna be there when we use the CBC gadgets and we have to deal with it. We have to find a way to deal with it and now we can explain this behavior, you know? You remember this e-mail where we just flipped a single bit and we saw one block was destroyed basically. And then the other block we had like we can flip arbitrary bits. That's the explanation for it. Now how do you how do you deal with it. How should a proper crypto protocol deal with it. Usually you do something that is called a message authentication code. It's not a digital signature and message authentication code is something like a checksum a cryptographic checksum that is put right next to the encrypted message and that can be checked after decryption or for decryption. OK? The message authentication code is solely there to detect changes of a ciphertext. Digital signatures are different especially in the mail context because they're pretty much totally separate from the decryption part. So digital signatures are merely only used to display an icon for example for valid signature or invalid signature. And the problem here is a smart attacker can use a signed email and strip off the signature. Okay. We just strip off this part that we know there's a signature we can remove the signature and then this doesn't mean there will be an invalid signature but will get something like this. This is the icon in thunderbird for encrypted and not signed so we can simply strip off a signature and there's valid reasons to send an encrypted email without doing a digital signature on it, right? So we want to do both. So digital signatures won't prevent this attack. So how does S/MIME look like? Basically, I mean, most of you will have heard of MIME. MIME is like a standard that we use in emails anyway. Here we have an e-mail header. It looks very similar to HTTP. We have content type, colon, empty space, and then it's whatever is coming now for data. And then we have an e-mail body with envelope data and there we have the list of the of the encrypted session keys that this ciphertext was encrypted with. And after that we have the encrypted content info here. This part is the encrypted part where the actual message where the actual message lies. And now when you look closely and you squint you see there's no message authentication code and it's not because I left them out but because S/MIME doesn't define one. So S/MIME doesn't have a message authentication code which means it cannot detect bye the standard whether a message was changed - whether it was changed or not. So how can we attack this? How can we use it? I think you all have a feeling that this shouldn't work, OK? This is nothing that is supposed to work. This is the plain text that we want to exfiltrate and we only know the first block. We can pretty much always guess the first block because it's always content type: text/html or text/plain something like this. Now we can use this as a gadget here and write our arbitrary plain text. We have a random block and then chosen plain text. Then we copy it again. We again have a random block and some chosen plain text. Then we have a random block and a chosen plain text. Then we have a random block and a chosen plain text. Then we copy here the original ciphertext and we close this thing. And when you look closely again you'll see that we're building HTML here right. That's the base tag. That's an image tag. It uses a URL. That is not closed here. It will be closed down here. And this is effectively the URL. OK. A URL-path and will thus be exfiltrated. So when this XML is interpreted the actual plain text is sent to the server. And here we have an old Thunderbird. So that is a version of before May and before we did the disclosure. We first compose a message just to have some PGP ciphertext. This is a very secret message. And here we have the attack e-mail that is already prepared. And now it asks us "This remote content in here. What do you want to do?" And we just for the laughs just - like this - we just click it and we see always now when we select the message an HTTP request is done to this to this URL. And when we decode this - it looks pretty - it's encoded. But basically what we have here now you see here is the secret message and here is random junk. And here again is random junk, right? So it was successfully exfiltrated. This was the first proof of concept that we had. Right? And. Okay right? And so this works. This is like - this dialog here that you get in Thunderbird that ask if should I should a load remote images. Yes or no. This is basically everything that is keeping you from losing your your PGP or S/MIME ciphertext - S/MIME we're talking about S/MIME here. Now what we did next was we were asking ourselves, OK: It works with remote images. We understand this ,but what other back channels do we have? Back channel is something where your email client is communicating over the network. That's. So it's not necessarily exfiltrating but it's just like how can we convince a client to make a connection to somewhere else. Now I colored in red all the e-mail clients that require user interaction - that always require user interaction before it opens up a network connection somewhere. In orange we say that there's no user interaction. So these are the clients that allow for example loading remote images by default. OK. There's mail app for example there's gmail for example. They will not ask you they will just load it, OK? And but what we think is worse and therefore we colored it red are the clients that say we won't load remote images or any other way of communicating over the network. But then they will because we want bypasses. So because preventing loading remote images is basically a firewall and we bypass this local firewall and found several ways of extracting it. And there's even four or five of them that even allow JavaScript execution in a mail client. I mean come on this is really weird. So basically 40 of 47 clients have back channels that require no user interaction at all. And now we went out and tried to think about how can we exfiltrate plain text over it. And this is the final table the final result table for S/MIME and it looks pretty grim, right? So the red ones means it's vulnerable. That means we could exfiltrate plain text successfully. The ones with a dash they don't support S/MIME and Claws and Mutt we just didn't find any remote connection there. Okay. Which is good. Which is good. Yeah. That's a round of applause. Right. applause So I didn't say what S in S/MIME means. It actually means super. So it's super MIME. I don't know. Is it Super MIME? And basically his kryptonite. You know the the super villan of Super MIME is HTML. Right. You could say this. So S/MIME is broken by HTML and it's a very annoying kryptonite because it jumps you know like it's ugly colors. Now this is my Thunderbird that I have on my Mac at home. So this is like something that I recorded two days ago or so. And here I want to try to show you a way of exfiltrading the data without using HTML. So HTML here is disabled. This is the message that we want to break. And here we see the same message where we just changed, using gadgeting, we just changed the URL. So in Thunderbird when you disable HTML it will still highlight the links and when you click on it you're gonna exfiltrate plain text, right. So we require a little bit of user interaction but we can basically change a S/MIME ciphertext in a way that it will contain links and when you click a single link you will lose your your plain text. It's just a single click on it and the thing here is - I mean this is not a zero day in e-mail client, right? You just can't do anything about it. That's the problem. Okay. So people said okay so efail - just disable HTML and then you'll be fine. But the problem here is basically efail should work with any format that supports external connections. So as soon as you have a file format for example that supports external connections like PDF here, right? This is a PDF. When you click on it it will warn you and will say "Do you really want to make a connection to this domain?" And if you click "yes" you will do a connection there, right? And when you look at the how the URL is encoded in the PDF when you open the PDF in an hex editor you see it's just a string just like HTML, basically, right? So we could in theory use this as well. So you could change and S/MIME e-mail that it contains a PDF attachment and when you click the PDF attachment it will exfiltrate. With no user interaction, it works with with Microsoft Word for example. So that's a doc file and doc files allow external images that will load. It has no user interaction at all, so you just open it and the request will happen and the only problem that we're having here is it's not an ASCII URL, it's a Unicode URL. So I'm not sure whether this works with exfiltration but hey no user interaction, right? And. Now you could say "Okay PDF, Microsoft Word. That's very bad." - The same works in in LibreOffice and it's not a bug in the viewers, right? It's a basic feature that has been in these standards forever, right? So it's a thing that will be supported. It's not a zero day vulnerability in these viewers. It's just the file format support it, so you can abuse it. If you have some time: here's a challenge for you. If someone is able to make a successful demo for exfiltrating an S/MIME e-mail using a PDF or a doc file for example you will get a crate of Club Mate and some efail swag, if you want to? OK. So what happened after we disclosed it. Obviously we disclosed it to all the manufacturers and so on. And there's an S/MIME draft of a new RFC. So there's a working group and they already massaged the countermeasures into the current RFC draft. So for example to counter the CBC gadget attack they say: use a GCM which is not right now in the in the current RFC but in a draft it's already in. And so they're referencing the paper and they're saying: "OK you need to do this and do this as quickly as possible." And the second Efail attack which I'll talk about very soon is also mitigated in this in this RFC draft. OK. So S/MIME was pretty much broken. And you can just try to convince your e-mail client not to do any external connections. OK. That's all you have. Which at least, I mean, for cryptographer this means broken, OK? When you have to rely on the viewer not making any connections, the cryptography is broken. So what are the changes to OpenPGP because there are substantial differences to to OpenPGP. So first of all PGP uses a variation of the CFB-mode. It's not CBC-mode but CFB-mode. And they have pretty similar, they are very similar. So I won't show it here, if you are looking for the details, please look at the paper, but it's very similar. We can also flip bits and we also have these chunk bits in the middle and so on. What really caused a lot of headaches is the plain text compression. So that means in OpenPGP you don't encrypt directly the plain text but you deflate it before you encrypt it and that makes it very hard to guess plain text bytes, because for our attack to work we need to guess plain text bytes and when we know plain text certain parts of the plain text but it's deflated we have a problem. Okay? And what is also the most important thing is that OpenPGP defines a modification detection code, which is basically this is the message here. And the modification detection code is a hash of the message appended at the plain text and then encrypted. Okay? Which should detect plain text modifications. Now how does the OpenPGP standard say how to deal with broken MDCs when an MDC is not valid. Well, they say an implementation must treat an MDC failure as a security problem, but they don't say what is a security problem. What do you need to do then. And the implementation may allow the user access to the erroneous data. So the modified data may be passed on to the e-mail clients. And basically we tried to do this, right? But before we go there we looked at how many keys on the public key servers support MDCs at all. So MDC is a feature that came to OpenPGP in the early 2000s and before that it wasn't possible to use it. And so therefore to make this to make the change from software that doesn't use MDC versus software that that does use MDC they encoded in the key whether you support MDC or not. And here you see those keys that were generated in 2000 they don't support MDCs and the green ones - they support it. But, the problem is, when you accumulate all the valid keys in PGP that don't support MDCs we still see that at the key servers right now in 2017 we have something like one point seven million of the keys that don't support MDC. So when I sent an email to one of these people my implementation will not use an MDC, or right? They - yeah I'll come to this later. So we thought about okay how can we make a structured analysis how the MDC is treated with. The OpenPGP standard is not clear what to do with it. And so we have three test cases. First of all, we try to strip the MDC. So we just use this encrypted packet here and strip off at the end. We just say OK it's incorrect, right? So we make our modification in the plain text and see whether they will detect this error or we could also do this downgrade from the packet type that supports MDC to the old packet type that does not support MDC, right? And when we check this, especially with the most widely used clients we saw that Thunderbird and Enigmail and Apple Mail and GPG tools they basically ignored the MDC and that was the reason why we didn't see the MDC as very important because in our test systems it wasn't just treated, OK? Now what are the Efail related changes to OpenPGP. And we're talking about the changes that were done after we disclosed this to them. First of all they made something that is very important. They say that the packet type and PGP that does not support MDC is now obsolete. So you must not use this packet type anymore. You must ignore it. Which also means that when you have used non MDC messages in your mailbox you will not be able to open them anymore, OK? Yeah. That's a problem. Then they also said: "OK, what is supposed to happen when the MDC was wrong?" And this is the text that we have already seen where we said "the implementation may allow the user access to the erroneous data" and they changed this in the current draft to "the implementation should not allow the user to process the erroneous data." Right? They must still warn the user. And so on and so on. But it should not allow the user, which is good. That's a good change. So this was the - this MDC check is a bit troublesome because it's right at the end of the plain text, so you can only check the MDC when you have fully decrypted the message which means when you have a large e-mail or a large back-up or so you have to fully decrypt it and afterwards only you can tell whether it was valid or not. And the solution of GnuPG is that it will just stream - while it decrypts it will stream the data to to the e-mail client and afterwards tell it whether it's supposed to use it or not, OK? So here's your email, here's your e-mail, here's your - Oh no! You must not use it, please forget it, right? Which is not fine. This is not a safe way of doing it. So the current OpenPGP draft, before Efail, before we did the disclosure already supported something that they called chunking. So they not only have an MDC some kind of a MAC at the end of the plain text, but they chunk it into more chunks and each of these has a MAC - a real MAC - which is much better because, right? You can authenticate chunks and cache it before you give it to the app. The problem is that the standard says that 120MB is like a good chunk size which is far too big, right? Far too big. And when we look at the Efail related changes to GnuPG. So for example MDCs where they used to be warnings. So when GnuPG was detecting that an MDC is not there or it's wrong, they would just warn it but it would still print it out. GnuPG now, like, fails it makes a hard failure now and GnuPG now always uses the MDC independently if the key denotes that the receiver can use it or not. Which is also very good but it is a breaking change, rightß So when you have people that send you PGP e-mails and you can't decrypt them anymore you have to tell them that they need to update GnuPG. They also say that the default chunk size is 120 megabyte which means they still stream unauthenticated plaintext so they missed this opportunity to make this go away, which is a pity. Okay. What is not answered neither by S/MIME nor by PGP: How to deal with past e-mails? So, basically all the emails that you're sending in S/MIME encrypted right now are insecure and the old ones that don't use MDC in PGP they are also not secure and nobody talks about what's supposed to happen with them, right? Okay, that was the interesting attack. That was the one that was really cryptographically involving, that required changes to the standards and so on. Now let's look at something that's a bit more silly. Okay, so we have Alice writes an e-mail to Bob, we encrypt it and send it off to Bob. Now here we have the original e-mail and now Eve composes an attack e-mail. And it somehow gained access to the PGP ciphertext, it also works for S/MIME, right, it's independent. It's a vulnerability in the in the mail clients. And now we don't change the ciphertext we just surround it with other MIME parts that are of type HTML and that exfiltrated the same as we did before only that we don't need to change the ciphertext at all, right? So basically when this is decrypted it will be replaced with a plain text in place and then it will be merged into one document. And now I have to tell you something that many people don't seem to know. All mail clients, except mutt, they use HTML to view emails. So even when you disable HTML it basically means that they will use incoming HTML e-mails, parse them, transform them into something that looks like ASCII and display this in HTML. Okay. So, right? There is no such thing as ASCII e-mails with most of the clients. So but here now you have one HTML document which basically means the same, it will exfiltrate and very easy. Okay? So let's look here and on this video here we have we create one ciphertext we encrypt it. We use Apple Mail because this was one of the two vulnerable clients and we just open this email in order to view the PGP ciphertext, right? We look at the raw code of the ciphertext, raw source and we scroll down and there we see there's the PGP message, OK? Now in the next minute Eve somehow gained access to this ciphertext and it will compose a attacker email which is hidden in a python program that we just use to generate an e-mail, so this happened now in the background, you will see an e-mail is incoming. Here we just open the access log for this and when we click on it, right at this time, it will be exfiltrated. Okay. So very easy attack, anyone can do this, you don't need to know anything about cryptography you only need to understand a little bit of HTML and a little bit of MIME and you can execute this. You know what's worse than this? How about we just exfiltrate many e-mails with a single attack e-mail because we could basically use - here we open an image, here's the ciphertext. Here would close it. Then we open another image. Here's the second ciphertext. Then we close it. Then we open a third one and so on and so on. And what you see here, on the left hand side you see there's 100 ciphertext packed into one e-mail that is sent to this client. I blurred this because I used 100 GPG e-mails that I sent, right? I didn't want to show them to you. Now this takes some time. Now it's like decrypting, decrypting, decrypting, decrypting. And when you look at the terminal on the left side you see 100 e-mails getting exfiltated, right? Automatically simply by opening a single email. Okay this is horrifying. Applause And when I say horrifying I'm really literally mean: this is horrifying. So we were like afraid OK when we disclose this then people will start attacking this within the hour or so, OK? And so we disclosed this in early 2018. End of 2017, early 2018. And in May 2018 we had already shifted the disclosure date twice and in May we said OK we won't shift this anymore. And so therefore we said OK we go online but we want to make a preannouncement. We want to warn the people that if you use PGP or S/MIME for very sensitive communication you should disable it in your e-mail client for now. These are the original tweets that we sent and we said: OK, In a day, OK, when you have done this then we will disclose everything, OK? We will go online with the paper and everything. And now I mean people started talking about it and then the GnuPG people started tweeting and they basically broke the embargo. So they told OK the attack is working like this. First you do this and then you do that and then you do that and they were blabbing and so on and then they sent it, which is annoying, but then they sent this. So they said know that new GnuPG team was not contacted by them in advance. And this, this really, OK? Then it got really hot. Okay. This is not true. I will show you later, but I mean this tipped off almost anyone in the INFOSEC community. And we got hate e-mails and yeah people were really mad with them, I posted "We did contact them." and this is like the, these are the original dates when I talked with Werner Koch which is the main developer of of GnuPG. But it was too late. I mean they they recognized that they said: "Oh yeah, oh I forgot!" Right? That they sent this paper here. That writes EFAIL with our names and a date and an embargo and so on and so on. And they said they forgot it, OK? But I mean we lost at this point, OK? People were hating us. I was called a murderer. And and so on and so on and so it was really, really weird. If you're interested of how things worked, right, this is an independent summary of the disclosure timeline from Thomas Ptacek which is not involved with us at all we have never met him, but who was so kind to just compile this just from public information that are really reliable. So and then something happened that we what we could foresee. People were finding - like there were some patches - and I told you already that we saw that these patches are not sufficient. And two days later people came up with new style of attacks, new EFAIL attacks and this was Hanno who found something. So he said I found a trivial bypass EFAIL is still exploitable with the latest Enigmail and Thunderbird - that is three days after we did the disclosure and he responsibly disclosed this and so on and so on. So everything is fine. Micah Lee, from The Intercept, also developed a proof of concept exploit that works against Apple Mail and GPG tools also 2 or 3 days later. So we were right, right? So people were finding ways to circumvent the fixes that were in there. But still I mean, OK, media was blowing up, OK? And we didn't actually understand what was really going on there. But you have to know I mean PGP is like, one of the main users of PHP, eh of PGP is journalists, right. So and they basically, I mean you show it to them look that's the attack and they will like what? That's how easy it is? And that's what you see in the press I guess. So what are the lessons learned from the disclosure. So first of all: people kept complaining, I mean people kept complaining to us that we didn't stick to the 90 day disclosure deadline. So we had more than 200 days disclosure and we postponed it and so on and so on. And in the aftermath it didn't make sense because we were postponing and postponing it and there were still no reliable fixes. So we should have stuck to the 90 day disclosure deadline because after we disclosed it they were in a rush. They released patches and stuff like, you know? So it was, yeah. Be careful with disclosure preannouncements. The problem here is people will speculate about the details. You know, because when you say: "OK we'll disclose something tomorrow but we're not going to speak today" - then journalists will speak to some random people, right? That they just get their hands on and they will just try to guess what it could be. And this means they will underrate the risk or they will overrate the risk. Underrate the risk is just disable external images, loading external images, then you're fine. That is underrating and overrating is like: "OK, PGP is broken, forever", right? Which is not the case. And they will spread this false information and you still see this out there, right? It's documented. People have issued like papers and so on and so on with wrong information, provably wrong information. Which is bad and so these disclosure preannouncements are bad because you're not in control of the communication anymore. That's very bad. And controlling information flow really is key after you do the disclosure because otherwise you get the wrong story out and this this doesn't help at all. Okay. Let's look at the last attack, and we call this reply to attacker. And I have to give credit to the people of Cure53, which also found this bug or a similar very similar version of this bug as well and disclosed it. But they were first to disclose it so credit goes to them, OK? Here, the attacker scenario is I get an e-mail from some person which makes sense. It's a benign e-mail. Okay. It doesn't look bad at all. And a person wants to trick me to answer this e-mail. So this is the e-mail that I get. There's some footer here and stuff like that. And now we look in the video, it's an old version of Mail that we use here. Right. This is the e-mail. We just - and I answer it, right? Because people were asking me for an appointment they want to meet me and I was like yeah sure after my talk let's just meet. And this is the attacker e-mail that the attackers opened and when you look closely down here you'll see secret stuff here that shouldn't be in there and that I didn't send actually. Let's look at the plain text of this e-mail and the source code of this e-mail. And when you scroll down you see it's a mix of just a normal, just a normal e-mail, benign e-mail. And down here you find a ciphertext it can be S/MIME it can be PGP. It doesn't really matter. And what's happening now is: I get this e-mail, this here will be decrypted from my mail client and I don't see it because I won't scroll down. I'm a lazy person I'm a top poster. Right, now you can go boo and so on, OK. But still I mean top posting is considered evil here. Because I basically - the attacker was sending me an e-mail where ciphertext was hidden in there that my e-mail client was decrypting and I was replying to this e-mail sending the attacker the actual plain text that I just decrypted, without knowing it. Okay that's silly. Okay. Come on. That's really silly. Okay. What are you supposed to do now. What are the things that you should do. And the important question here is you should ask yourself are you targeted by motivated attackers? And a motivated attacker is not necessarily the NSA or so, right? It can be just, I don't know, Cybercrime people or so. I mean we we basically came up with these attacks with 8 people abd the better part of a year. Which is not you know, which is a lot of research actually but it's not like comparable to a nation state. Right. So if you're targeted by a motivated attacker and if you say yeah you are probably targeted by motivated attackers then avoid e-mail in total. E-mail is not made for secure communication. Okay. If you can't avoid it and there's people who can't avoid using e-mail they can't just use signal or any other chat client, then definitely use OpenPGP and encrypt and decrypt outside of the mail client. If you are probably not targeted by motivated attackers, which is most of you and I presume I would count to the same people here, definitely prefer OpenPGP over S/mime because S/mime remains broken. Right, there is a standard coming up which fixes most of the stuff. Disable HTML for encrypted emails and this is like not that easy. Note that most email clients use HTML by default and it might be okay if you fix it, the people that I hear in the audience. But think of all the people who are not here in this audience, who are not technically versed and so on and so on and they will not disable HTML, right. So be careful with attachments which is also very difficult, how can you be careful with attachments. Right. This is not very good. And don't top post, don't cite text in a reply. Okay. That was my talk. If you want to meet us afterwards we're gonna go to the Chaos West. There's a huge and lighted palm and we'll be there if you have questions you can ask us there. Thank you very much. applause Herald: Thanks a lot Sebastian, for this interesting talk. We still have some time for questions, so if you would like to ask some questions to Sebastian then please queue up behind the microphones, and please try to be concise with your question, and please get close to the microphone, because the mixing Angel in the back is able to make it quieter, but hardly much louder, if your distance is not right. So let's start with microphone number 2. Microphone 2: Test, test. Hello. I'm actually tested the HTML exfiltrate you described. But I found out, in Thunderbird, the HTML parsing of Thunderbird was actually helping against the attack, because the word tags was just disabled any possibility to exfiltrate the message, because there were some div tag, which is closing your image tag at every point in time Sebastian: Yeah, so, this is one of the fixes, that they did. I mean it doesn't help with the cryptography, but it makes the exeltration a bit more difficult. If you want to do the testing, try the versions from before May this year. Microphone 2: I did, I did with the old versions. Sebastian: We can talk afterwards if you want, and I will show it to you. Herald: We are streaming all the talks on the Internet and we have people on the internet that would like to ask a question, so please a question from the internet. Signal Angel: Yeah, so there were actually many questions in the direction of problems with MIME standards. So, like, what they were asking was basically "Woudn't the exploitation be prevented, if the email clients would handle the standart correctly?" Sebastian: Mhm, okay. So, I am not sure whether they meant the MIME standards or the S/MIME standards. So basically, the MIME standards are that one to blame for the direct exoltration attacks, were you have multiple MIME-parts that are mixed together, and the MIME standards don't state explicitly how to do this. So they don't have any rules of how to handle it, and basically I think, as a rule of thumb, when you try to be concise and complete with implementing the MIME standard you were vulnerable, and if you were just lazy and just for example decrypted the first MIME-part or so you were not vulnerable. So, leaving out much of the stuff made you more secure, which is weird. Herald: Thank you for the answer. We have another question in this hall, on microphone number 6, and please remember to be concise and get close to the microphone. Microphone 6: What do you see Audio feedback loop Microphone 6: Sorry. Herald: Very good! We can always make it quieter. Applause Herald: Laughing Microphone 6: What do you see as a future replacement to PGP for email encryption? Sebastian: So actually, we brainstormed a little, because PGP lacks many of the modern properties, like forward secrecy and stuff like this, but it turns out that it's not very easy to do this. Especially not with - when you don't want to do changes to SMTP and IMAP. So, it's gonna be difficult. It's gonna be difficult to make it more secure than PGP, besides the critisism that I already brought in. So, E-Mail is not a very good protocol, or the protocols that are built in E-Mail are not a very good to build proper crypto on top of it. Herald: Thank you for this answer, so maybe we need build something entirely new from scratch. There is another question on Microphone number 2, if I see this correctly. Microphone 2: So, do I understand it correctly, it looks like there won't be a fix for that multi part attacks, like there is the normal plain text the attacker writes, and then there is a ciphertext, which my mail client decrypts; there won't be a fix for that? Sebastian: There is a fix, so the mail clients are fixed, so that's because that's a non-breaking fix, that's a good thing here. So you can't fix S/MIME, for example, because it would be a breaking fix, but you could fix the email clients, which was a lot of work, because MIME parsers are very complex, but they fixed it, so it's not supposed to work in current mail clients anymore. The direct exfiltration part. Herald: So we still have quite some time left and so I would like to have another question form the internet. Signal Angel: Yes, so one user asked "would you recommend a better path to integrate PGP into the E-Mail clients instead of using extensions?" Sebastian: Yea. I'm not a - I mean I already talked about this that not many people use PGP. And also not many people use S/MIME. I'm not sure, whether this will be increased, when OpenPGP spilled into most of the mail clients, because you could use S/MIME, you know. As soon as S/MIME is fixed it will be fine to use S/MIME, and it's already in all the clients in there, but not many people use it. So it would be nice, if we could have it, but I'm not sure whether it would have much of an effect on the amount of people who use it. Herald Angel: Thank you. And we have another question from Microphone number 7. Microphone 7: Yes, hello. So I work with journalists - here! here! here! Herald Angel: There, in the very back. Microphone 7: There, Hello. Hello. Sebastian: Hi. Oh, yeah hi. How's it going? Microphone 7: So I work with journalists, and May was very annoying, and I cannot stress enough how important it is to - the point you've made about communicating around disclosure. Sebastion: Yeah Microphone 7: We were scrambling. I work with about 200 journalists, who use PGP daily, and we were scrambling for any bit of information. Sebastian: Yeah. Microphone 7: What, what should we do? It was, it was madness. Sebastian: Yes. Microphone 7: But I actually have a question. The question is: Have you played with Mailpile? I've read the, I've read the paper. In the paper Mailpile, I think I remember, was mentioned, and I vaguely remember it was mentioned in a positive light, but I just want to make sure, if that's the right thing that I should get from this paper. Sebastian: I don't know it on the top of my head, but if you come afterwards to Chaos West we'll get out the paper and look at the tests, and then we can answer this question. Cool. Microphone 7: Thank you. Herald: Okay. We have another question on the microphone number 6. Microphone 6: So, I'd like to know if there's any difference in the attack surface, regarding OpenPGP, if plain, like, plain PGP is used or PGP/MIME. For example if you set your E-Mail client to disallow decryption of inline PGP. Sebastian: Yeah, that's a very good question. I mean the reply to attacker attack that I just showed at the last. The Q53 people came up with a version that worked with inline PGP, and we showed that it's also possible with PGP/MIME. So, I wouldn't say - I mean, most of the people use PGP/MIME. Inline PGP is not used anymore. The problem is, when you don't decrypt PGP, inline PGP, then you have a problem when people use PGP at an external application. They can't copy and paste the ciphertext in there anymore, which is also very annoying. And I also told you that it's, I think it's a very good idea to do this outside of the mail client, if you're in a, if you face motivated attackers. So, it's not that easy. it would be a breaking change that wouldn't, maybe not be too good. Microphone 6: Okay. Thanks. Sebastian: Okay. Herald: Thanks a lot for this answer. I think we are done with all the questions from the hall. If you like to continue the discussion with Sebastian Schinzel, you may move yourself to the assembly of Chaos West in the next hall in this direction. And now please give a big round of applause for Sebastian Schinzel and the awesome team behind. Applause Outro plays subtitles created by c3subtitles.de in the year 2020. Join, and help us!