Making the change to remote work? We're happy to help you stay connected Learn more >

Making the change to remote work?
We're happy to help you stay connected

Learn more
Intermedia news

What You Need to Know About the Encrypted Email Attack eFail

eFail is an email-based attack that is exploiting a vulnerability of a few encrypted email standards. The attack was discovered by a group of German and Belgian researchers who found PGP and S/MIME to be vulnerable.

Is the use of PGP or S/MIME common?

Actually, no. PGP and S/MIME have been around awhile, but it’s difficult to set up, as both the sender and receiver have to exchange keys to encrypt/decrypt messages, and so most people don’t use it.

Should I be concerned?

Chances are if you don’t know whether you are using PGP or S/MIME, you probably aren’t using it.

So how does the attack work? According to news articles, if an attacker can intercept or modify encrypted emails, it would theoretically be possible to exploit how the message will be processed by the email client. Simplified, this means that if one of these two methods for encrypting email is exploited, it could reveal your plain text communications. However, no such exploits have been known to be weaponized or circulated.

While there is no current fix for eFail, there are a few things to note

The attack requires hackers to have a high level of access to your system to begin with. If they don’t have a way of intercepting your encrypted messages, then they are out of luck. However, Sebastian Schinzel, one of the researchers on the project who runs the IT security lab at the Münster University of Applied Sciences, and many others, recommend that you disable the use of PGP/GPG and S/MIME in your email client for any sensitive communication until a fix has been addressed. Users should also deactivate other conveniences, if they haven’t already, like displaying images sent by a sender on default. By setting the PGP plugin to only show the text of the message and none of the formatting or multimedia, you should be in a good spot.

However, it is also recommended that users of the following email clients disable the use of PGP/GPG and S/MIME temporarily:

  • Gpg4win on Outlook
  • Enigmail on Thunderbird
  • GPG Tools on Apple Mail
  • Outlook 2013 / 2016 are also vulnerable to some user interaction with S/MIME

To summarize, what can we learn from this latest vulnerability?

  • This incident once again reveals widespread use of old and unsupported mail clients like Outlook 2007. If you are still using Outlook 2007 it is time to update to Outlook 2013 or Outlook 2016.

  • You can almost never go wrong by staying up to date on patching. Patch your email clients and plugins as soon as the updates become available.

  • We’ll likely need to wait awhile for an update to the OpenPGP and S/MIME standards, so be patient.

About Ryan Barrett

Ryan is Intermedia's Vice President of Security and Privacy.

Recent Posts
View post: Contact Center Services: How To Make Them Work for You
Intermedia news
Posted on September 15, 2023

Contact Center Services: How To Make Them Work for You
View post: What is IVR, or Interactive Voice Response, and how can it help a small business?
Intermedia news
Posted on September 12, 2023

What is IVR, or Interactive Voice Response, and how can it help a small business?
View post: All You Need To Know About Email Hosting
Intermedia news
Posted on August 21, 2023

All You Need To Know About Email Hosting
Trending Topics
Top Picks

Intermedia news

ZDNet finds Intermedia's file backup & sharing solution one of the most innovative tools for keeping businesses secure

Cloud best practices, On-premises environments, The Cloud

VoIP Game Changer: 5 must-haves for seamless adoption

Subscribe to our Blog via Email

Recommended articles
View post: “Go Phish!” Ryan Barrett and Forbes discuss the value of hacking your employees
Backup & File Sharing, News and announcements, Security

"Go Phish!" Ryan Barrett and Forbes discuss the value of hacking your employees

Posted on January 24, 2017

“Go Phish!” The name of an iconic childhood card game takes on a menacing air with the addition of a single letter. But in the same way that you chide a fellow card-player to […]

View post: A Catch 22 – Cybersecurity and the Channel
Backup & File Sharing, Partner Program, Security

A Catch 22 – Cybersecurity and the Channel

Posted on April 12, 2017

Organizations are not confident in their knowledge of the threat landscape. However, all this confusion presents a strategic opportunity for MSPs – end customers now more than ever need a trusted security advisor.

View post: Don’t let the Equifax breach impact your email security
Intermedia news

Don't let the Equifax breach impact your email security

Posted on September 8, 2017

With the Equifax breach, there are 143M new reasons why you need to take phishing seriously. Intermedia Email Protection can help protect your business email from attacks.

Search for the insights you need

Try these topics: