Blog

EFAIL: detection and prevention

Posted by CipherMail
May 19, 2018

In our previous blog posting we discussed the EFAIL "Generic exfiltration" attack on S/MIME and suggested how such an attack may be detected.

Even though the CipherMail gateway is not directly vulnerable to EFAIL (see EFAIL: which is vulnerable? PGP, S/MIME or your mail client? for more details), if your email client is configured to automatically download external resources, your email client may leak your decrypted email.

The main issue with the EFAIL "Generic exfiltration" attack is that an encrypted message can be modified by an attacker without being detected. This is a general S/MIME problem and can only be solved by fixing the S/MIME standards.

... any standard-conforming client will be vulnerable and ... each vendor may cook their own mitigations that may or may not prevent the attacks. Thus, in the long term, it is necessary to update the specification to find and document changes that fix the underlying root causes of the vulnerabilities.

In our previous blog EFAIL: how to detect you are being attacked? we discussed a possible option to detect that an S/MIME encrypted email was modified.

If an encrypted S/MIME email is modified, multiple blocks of random data will be added to the email. S/MIME emails however, should only contain readable characters. If an email, after decryption, contains non-readable characters, this is an indication that the encrypted message has been tampered with (for more details see EFAIL: how to detect you are being attacked?)

To make sure that CipherMail customers are protected even if a vulnerable email program is used, we have added functionality to the CipherMail Email Encryption Gateway which can detect whether there are non-readable characters in a decrypted message. If non-readable characters are found, a header will be added to the email. An anti spam/virus filter can detect this header and quarantine the email for further inspection. Optionally, decrypting the email can be aborted. The email will then be delivered in encrypted form.

The following two advanced S/MIME options were added: "Check for invalid 7bit chars" and "Abort decrypt on invalid 7bit chars". If "Check for invalid 7bit chars" is enabled, the decrypted message will be analyzed to check whether all characters are within the acceptable character range for S/MIME (tab, LF, CR, 32-126). If a character is found which is not within the acceptable range, the header "X-Djigzo-Info-SMIME-Illegal-Chars-Found: True" will be added to the email and the following warning message will be printed to the logs:

WARN  Illegal characters detected in decrypted message

If "Abort decrypt on invalid 7bit chars" is also enabled, decryption will be aborted and the message will be delivered in encrypted form and the following warning message will be printed to the logs:

"WARN  Decryption aborted. Illegal characters detected in decrypted message"

The options "Check for invalid 7bit chars" and "Abort decrypt on invalid 7bit chars" are not enabled by default. Although the S/MIME specifications require that email sent over the Internet only use 7bit characters, it may be that some non-conforming S/MIME clients use 8bit characters. Non-conforming S/MIME clients may therefore result in false positives for some emails. The options can be enabled for specific recipients or domains but it's best to enable them on the top level.

A new CipherMail Gateway release candidate with the EFAIL detection functionality can be downloaded here.

  1. EFAIL