The built-in PGP in Canary is not affected by the EFAIL vulnerabilities. The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails.

What are the EFAIL attacks?

The term “EFAIL” refers to flaws in the S/MIME and OpenPGP (end-to-end encryption) protocols that allow the plaintext of secure email to be leaked.

What is PGP and S/MIME encryption?

Both technologies provide an added level of security to your email conversations. Even when an intruder has unrestricted access to your email, both tools, when used effectively, ensure the privacy and integrity of your emails. The EFAIL attacks disturb this added encryption layer.

What are the vulnerabilities and how do they work?

These flaws depend on the intruder previously possessing access to the target’s encrypted emails and having the ability to modify the emails covertly. There are two distinct approaches to take advantage of the vulnerabilities, as outlined here.

The first attack strategy focuses on email clients like Thunderbird, Apple Mail, Mozilla, and others that are used to decrypt and read encrypted emails. The victim receives a fresh email from the attacker that contains the intended encrypted email along with some new, unencrypted code. The freshly inserted code by the intruder is executed when the victim opens the email, which then transmits the ciphered message to the intruder.

Although it may appear odd for email clients to implement code embedded within emails, this is precisely what enables remote images as well as other content to be easily added to emails when they view the email and is frequently the favored user experience.

The second attack approach also includes altering already-encrypted emails and making use of email clients’ ability to run code. The distinction would be that here, an intruder inserts code into an email’s encrypted part instead of adding unencrypted code to it. As a result, an attacker can insert data to carry out the same kind of intrusion attack within the encrypted message. This attack is important because the encrypted email is being changed, and it has always been easy to identify this kind of modification.

Why do the vulnerabilities exist?

In all situations, an attacker has the ability to embed hidden special code that, when the receiver reads the email, is subsequently run by the recipient. This is attainable because client implementations are not required by the OpenPGP and S/MIME requirements to verify that messages are not altered. Modification Detection Code (MDC) logic is used in some OpenPGP implementations to prevent the attacks mentioned. The MDC code can identify the alterations made by the intruder and stops the email message from decrypting and running code.

However, MDC is not compulsory since mandating it would alter the protocol that numerous email clients have already incorporated. There won’t be a benchmark and communication between clients won’t be assured if some clients upgrade to enable MDC but not others. In certain ways, the fact that certain standards have been in use for so long makes it challenging to adopt significant modifications to how they operate.

How is CanaryMail protected from these attacks?

Canary Mail uses the open source Bouncy Castle encryption library, which supports the latest encryption algorithms.

It encrypts the email text along with the attachments and any HTML or other cipher text sent with it, preventing an intruder from inserting additional code or interactive media elements into an email.

Canary Mail employs digital signatures to verify the legitimacy of each email before decoding it, making it challenging for embedded code to run when an email is opened in the application. Thus, if an email is altered, the application can identify the change and will notify the user that the email’s signature is invalid.

The application uses the popular cryptographic method of digital signature to identify when data has been altered. In short, signatures serve as evidence that a user delivered an email by “signing” a hashed version of the message. The private key of a user, which is hidden from an intruder, is needed to sign an email.

Prior to showing the user the content of an email, it is first decrypted and a hash is generated. If that hash matches the hash in the signature, the email will be shown to the user without the invalid signature warning.

Canary Mail will notice that the message hash differs from the signature hash if an intruder alters the email. The email is promptly displayed with a warning in such circumstances. Because the intruder lacks the private key necessary to “sign” emails as the sender, they will be unable to forge signatures or send emails.

End-to-end encryption still provides effective data security

Although these cyberattacks show that protocols alone cannot provide security, effectively implemented end-to-end encryption is indeed a potent way to protect both business and personal information. Anyone using OpenPGP or S/MIME for business or personal use should make sure their email clients are updated and detect, delete, or at the very least alert the user if corrupted messages are found.

If you currently use Canary Mail, you are safe-guarded. You are protected from these cyberattacks by Canary Mail’s unique use of end-to-end encryption methods. If you don’t already have Canary Mail, download it now and start encrypting your emails from beginning to end. Canary Mail is developed to be the most user-friendly encryption email client for both commercial and personal users, as well as to effortlessly fit into existing enterprise routines.