PGP and S/MIME encryption is not nearly as reliable as expected. Inadequate standards, outdated technology, and malicious programs could allow attackers to gain access to encrypted email.

A research team led by Sebastian Schinzel of the University of Applied Sciences Münster has taken a closer look at the standards and concrete implementations of email encryption and has come to a devastating conclusion: neither S/MIME nor OpenPGP can protect the security of encrypted messages to a sufficient degree. An attacker who can intercept and manipulate the encrypted e-mails can gain access to at least some of the plain text of the message, the experts warn.

The problem, dubbed “Efail”, affects virtually all programs that implement e-mail encryption, from Outlook and Windows Mail to Thunderbird and Apple Mail. The situation is particularly dramatic for S/MIME, which is used primarily in corporate environments; here the researchers ultimately declare the standard to be irreparably broken. But grassroots PGP also has serious problems that can be exploited for concrete attacks. However, there is hope that updates from the makers of OpenPGP extensions such as Enigmail can mitigate the situation, at least in the medium term.



The attacks on emails encrypted with S/MIME and OpenPGP can actually be explained easily. Once you understand them, you also know why fixing the problem is not that easy.

The most important requirement for a successful attack is that the attacker can intercept and manipulate the encrypted mail in transit. This may be true in many of the cases where the end-to-end encryption of PGP or S/MIME is actually supposed to provide protection.

The fundamental problem of e-mail encryption is that the e-mails are not, or at least not sufficiently, protected against such manipulation. This allows the attacker to modify the mail in such a way that, when the decrypted mail is displayed, the mail client forwards the actually secret information to third parties. The attacker does not crack the encryption, and he does not get hold of secret keys.



What you need to consider now to securely read emails

Now that the details of the attack on the security vulnerabilities in PGP and S/MIME published today have become known, many users remain confused and wonder what they need to do to be able to send encrypted mail securely. We know that attackers may be able to intercept and manipulate encrypted mail in order to access the decrypted content of the email, or at least parts of it. The vulnerability known as Efail affects, at least in part, most common mail programs that can receive and display HTML e-mails. There are several ways to protect yourself and your secrets.

A good start is to prevent the display of external images in mails. This is always recommended anyway to protect privacy, even with unencrypted mails. If you can live with displaying mails as plain text without HTML, you should deactivate the display of HTML in mails; according to current knowledge, you are then safe.


Update mail programs and plug-ins

S/MIME is far worse off than PGP, according to the Efail discoverers. In fact, all the programs they tested that support HTML and S/MIME are affected. With PGP, the programs mainly affected are Thunderbird (with Enigmail), Outlook 2007, Apple Mail and Airmail.

Users should now, above all, update their mail programs and encryption plug-ins. In response to an inquiry from heise online, the Enigmail developers recommended updating to at least version 2.0 of the plug-in, in which the Efail holes have been closed. Users with current Thunderbird and PGP versions should already have received this update via the plug-in’s automatic update feature. Thunderbird has closed almost all of the vulnerabilities with version 52.7, while version 52.8 promises further fixes.


Decrypt emails externally, turn off HTML

The safest thing is not to decrypt encrypted mail in the mail client. The discoverers of the Efail vulnerability recommend exporting the encrypted cipher text from the mail and decrypting it in a stand-alone program (such as the PGP command line). In this way, a possibly vulnerable mail program or its plug-ins cannot reveal the secret content of the message to the attacker on the web. However, this is a very cumbersome and probably unacceptable approach for most end users.

Anyone who still wants or has to decrypt their mails in the mail program can turn off the reception of HTML mails and display all messages as plain text. Although this does not close every vulnerability, it should prevent virtually all practical attacks right now. Similarly, plaintext-only clients such as Claws or Mutt are not affected.
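
The export step described above, sketched as an added example (not code from the article or from the researchers): it pulls the armored PGP block out of a saved message so that it can be decrypted outside the mail client, and lists the remote URLs that HTML parts of the same message reference. The sample message, its addresses and all function names are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample message; the armored block is a dummy, not real ciphertext.
SAMPLE_EML = """\
From: alice@example.org
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Hello</p><img src="http://tracker.example.net/pixel.png">
--b1
Content-Type: application/octet-stream; name="msg.asc"

-----BEGIN PGP MESSAGE-----

ZHVtbXkgY2lwaGVydGV4dA==
=AAAA
-----END PGP MESSAGE-----
--b1--
"""

ARMOR = re.compile(r"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.S)
REMOTE = re.compile(r"""(?:src|href|background)\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)

def leaf_texts(eml_text):
    """Yield (content_type, decoded text) for every non-multipart MIME part."""
    msg = email.message_from_string(eml_text, policy=policy.default)
    for part in msg.walk():
        if not part.is_multipart():
            raw = part.get_payload(decode=True) or b""
            yield part.get_content_type(), raw.decode("utf-8", errors="replace")

def armored_blocks(eml_text):
    """Ciphertext blocks to save and decrypt outside the mail client."""
    return [m for _, text in leaf_texts(eml_text) for m in ARMOR.findall(text)]

def remote_refs(eml_text):
    """Remote URLs that an HTML-rendering client could fetch on display."""
    return [u for ctype, text in leaf_texts(eml_text)
            if ctype == "text/html" for u in REMOTE.findall(text)]

if __name__ == "__main__":
    for i, block in enumerate(armored_blocks(SAMPLE_EML)):
        # Decrypt the exported file separately, e.g.: gpg --decrypt message-0.asc
        with open(f"message-{i}.asc", "w") as fh:
            fh.write(block + "\n")
    print("remote references in HTML parts:", remote_refs(SAMPLE_EML))
```

The script never decrypts or renders anything itself, so the plaintext only ever exists in the stand-alone program's output.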


