Beware: Critical Vulnerability Could Reveal Contents of Encrypted Emails

Phil Baker | 3:45 PM on May 14, 2018
(Getty Images)

A team of European cybersecurity researchers discovered that hackers have can break the encryption of email that is designed to be highly secure. The vulnerability is being called Efail, and allows hackers to crack OpenPGP and S/MIME, two widely used email programs that provide full end-to-end encryption when using email. PGP (Pretty Good Privacy) is a popular encryption method that’s often added to email applications to make the email secure. It’s considered the gold standard for email security.

Advertisement

The vulnerability affects journalists, businessmen, political activists, scientists, government security workers, whistleblowers, and others who depend on encrypted email.

The Electronic Frontier Foundation is advising users to “immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. It provided instructions for disabling PGP plug-ins in Thunderbird, Apple Mail, and Outlook.”

They go on to say, “EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.”

The company that makes the widely used secure email service ProtonMail noted that their email service is not vulnerable to this issue.

The problem was investigated by Sebastian Schinzel, a professor of computer security at Munster University of Applied Sciences. He noted, “There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now.”

Advertisement

Initially, there was concern among cybersecurity experts that all files encrypted with PGP were vulnerable, but that was not the case. The problem involves whether the email programs check for errors in the decryption. It’s not a vulnerability in PGP system but rather in the email apps that were lacking the safeguards in using PGP.

You can read more about what the researchers are calling the EFAIL vulnerability here.

 

Phil Baker
Phil Baker is a product development expert as well as an award winning journalist and author covering high tech. He hosts a gadget blog at BakerOnTech.com. Phil holds over 30 patents and has been an executive for a number of high technology companies. He’s been responsible for bringing scores of well-known consumer tech products to market. Phil is the author of “From Concept to Consumer,” a former columnist for the San Diego Transcript, and founder of Techsperts, Inc., a product development company.
Category: NEWS & POLITICS

Recommended

Biden Administration Is Now Under Investigation for 'Election Interference' Matt Margolis
Did Biden's Love for Hamas Just Lose Him the Jewish Vote? Stephen Green
The Morning Briefing: Netanyahu Is a Magnifying Glass on Biden's Pathetic Weakness Stephen Kruiser
Trump Derangement Syndrome Meltdown of the Week: Pity Poor Mexico Edition Stephen Kruiser
Just One More Thing, Stormy: Do You Know Anything About Trump's Business Records? Victoria Taft
Biden Regime's Department of Education Sues Columbia University, But Not For What You’d Expect Robert Spencer

Trending on PJ Media Videos

Join the conversation as a VIP Member

Advertisement
Trending
Editor's Choice
Somebody Needs to Sanction Biden for His Support of Terrorism
Hillary Debuts Ultra-Cringe Suffragette Musical on MSNBC
Does Trump Have a Bigger Lead Than the Polls Are Showing?
Advertisement