Before switching to Virtru, many of our customers were long time users of legacy encryption technologies like PGP and S/MIME. Consistently they tell us that they chose our email encryption product for its ease of use, interoperability, and control features.
Over the past 24 hours, as the internet lit up with stories about the ‘efail’ vulnerability in PGP and S/MIME implementations, a more fundamental Virtru benefit took center stage — the resilience of our architecture and the underlying Trusted Data Format standard. The combination of these two technological approaches allowed Virtru customers to avoid the efail exploit and other similar types of vulnerabilities.
As almost everyone read yesterday, the ‘efail’ exploit allowed the contents of PGP and S/MIME encrypted email to be leaked through applications like Microsoft Outlook, Apple Mail, and Thunderbird. This put individuals and enterprises at risk of losing control of their most sensitive information.
Since much of the press focused on ‘encrypted email’ generally, many of our customers have asked whether Virtru encrypted email is affected, and, more generally, for our perspective on this serious vulnerability. First, let’s address the vulnerability question.
Virtru clients are Not Susceptible to the Efail Vulnerability
There are two categories of vulnerabilities described in the paper, neither of which affect Virtru:
1. Absence of Integrity Checks – Integrity checks ensure that messages have not been tampered with, and appear to the recipient exactly as they were created by the sender. PGP and S/MIME use specific modes of encryption (CFB and CBC respectively) which do not mandate integrity checks. This gap in integrity checking allows an adversary to alter messages that can result in recipient apps leaking data. Virtru avoids this risk by mandating integrity checks authenticated encryption (specifically by using Galois Counter Mode.)
2. Malicious Email Manipulation – Independent of the integrity vulnerabilities above, efail exploits a vulnerability in how email clients like Apple Mail and Outlook handle incoming multi-part messages, including encrypted email. This exploit is caused by a failure of mail clients to mandate specific handling for multi-part messages, which can be manipulated maliciously without detection. Virtru avoids this vulnerability by assuming all incoming content is malicious until it has passed an integrity check to ensure it has not been manipulated.
Our Perspective on Efail
Given the seriousness of the efail vulnerability, there has been a widespread call for a reevaluation of encrypted email. We agree — it’s time to fix encrypted email.
However, the efail vulnerability isn’t really about encryption. It’s about the way encryption is implemented. The efail paper disclosed no new vulnerabilities in the underlying algorithms used by PGP and S/MIME. But the way these algorithms were implemented within tools like Microsoft Outlook and Apple Mac Mail allow an adversary to post decrypted content to an external server where it could be read without permission.
Some have called for enterprises to eliminate the use of encrypted email or to move to ‘walled garden’ messaging systems like Signal. Neither of these solutions stands up to the test of practicality. If your house catches fire, the answer isn’t not living in houses, it’s ensuring your house is fire resistant.
Abandoning email, and by extension encrypted email, is not a practical or correct answer. Email is by far the most common mode for sharing information inside and outside the enterprise. Walled garden systems like Signal, despite being open protocols, require both participants in a conversation to be on the same platform before secure content can be sent. This may work for personal communications, but business communications platforms must be interoperable — you must be able to share encrypted content with anyone without waiting for someone to create a new account or install additional software..
Our view is that we need to fix encrypted email, not abandon it. An effective encrypted email solution has the following properties:
- Based on open standards to enable interoperability.
- Lets end users send to anyone.
- Allows standard, secure integrations with tools like Outlook. There must be guardrails to ensure integrations implement security best practices to prevent exploits like efail.
- Provides dynamic access control — that is, the ability for end users and corporate administrators to change access privileges for recipients as needed.
- Does not require prior trust relationships or manual key exchanges. This just increases friction and prevents average users from protecting their email.
- Ensures that third parties, like cloud providers, can only access secure content with explicit consent.
How Virtru is Addressing the Future of Encrypted Email
At Virtru, our encrypted email products (and all of our data protection solutions) are based on the Trusted Data Format (TDF), an open standard for secure data sharing. Any TDF enabled application, including our browser based secure reader, can consume encrypted content. This ensures that senders can share with anyone without the need to install additional applications.
Our APIs and SDKs are prescriptive in terms of how security features, like integrity checks are implemented. This ensures that when developers inside or outside our company are implementing a TDF-enabled application, that security vulnerabilities like efail are avoided.
Virtru’s key management system, based on the open standard Key Management Interoperability Protocol (KMIP) allows dynamic access control. Senders and administrators can revoke access, restrict forwarding, or set expiration dates on encrypted content at any time. Permissions can be changed in real time to grant or restrict access. Our key management system also allows for transparent key exchange; Virtru does not require a prior trust relationship and no manual key exchange or special steps from end users are required. Keys may be hosted in our SaaS environment or by the customer.
Finally, Virtru is end-to-end encryption. No third party, including Virtru, ever has access to encrypted content. Efail and the future of encrypted email is an important discussion. If you’d like to discuss our perspective, or Virtru’s approach to end-to-end encryption, please contact us.