Experts Warn New Bugs Could Expose PGP Emails

Edward Snowden

Ahead of a full release of details on May 15, European researchers and the EFF are providing an early warning that messages encoded with PGP/GPG and S/MIME are vulnerable to a set of serious security vulnerabilities - an issue impacting over 20 email clients.

The Electronic Frontier Foundation -which researchers contacted to help them broadcast their message to a broader audience- has published tutorials on how to disable email encryption plugins.

Titling the exploit "Efail", they wrote that they had found two ways in which hackers could effectively coerce an email client into sending the full plaintext of messages to the attacker. The digital privacy watchdog also suggested the use of alternatives, such as Signal, for the time being as the implications of the vulnerabilities described in the paper are better understood, and hopefully mitigated, by the cybersecurity community.

The PGP encryption is mostly used by political activists, journalists, and whistleblowers as an extra layer of encryption. In the meantime, they are recommending that users stop using OpenPGP and S/MIME for now.

The attack works by exploiting how email clients read HTML code, researchers said.

A modified encrypted email sent by the attacker to the victim is decrypted by their email client.

The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim.

More news: Sharif says media grossly misinterpreted his remarks on Mumbai attack

"Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email", the EFF's post said.

"The Efail attacks require the attacker to have access to your S/MIME or PGP encrypted emails", the Efail website FAQ states.

While the requirement that attackers have access to previously sent e-mails is a an extremely high bar, the entire goal of both PGP and S/MIME is to protect users against this possibility.

It added, however, that it considered the encryption standards themselves to be safe if correctly implemented and configured.

The flaws, some of which have existed for more than a decade, are part of a series of vulnerabilities dubbed "Efail". This is then encrypted with the sender's private "key" and decrypted by the receiver using a separate public key.

The team's leader researcher, Sebastien Schinzel, admitted that: "E-mail is no longer a secure communication medium".

To exploit the weakness, a hacker would need to have access to an email server or the mailbox of a recipient.

Related News:



Most liked

USA high court paves way for states to legalize sports betting
All four major USA professional sports leagues, the NCAA and the federal government had urged the court to uphold the federal law. NY - A 2013 referendum approved sports betting in the state's commercial casinos if it was ever legalized at the federal level.

Black American bishop will give the address at royal wedding
Curry spoke in defense of same-sex marriage. "And this conjures that up again, and brings pain". The Instrument of Consent will be presented to the couple after becoming husband and wife.

Zenit agree Mancini exit as Italy loom
The decision to leave was made some three months ago", he said. "It has nothing to do with the club or the national team". Mancini led City to its first English league title in 44 years in 2012, and won three Serie A titles with Inter Milan.

Kerala woman arrested after confession that daughter was molested with her consent
The Women's Commission chairperson MC Josephine visited the theatre and appreciated the owner for informing the issue to police. Shockingly, as per police report, the man had sexually assaulted the girl while her mother was also present at the place.

Xerox ends Fujifilm deal in win for Carl Icahn
With that behind us and new shareholder-focused leadership in place, today marks a new beginning for Xerox. Despite our insistence, Fujifilm provided no assurance that it will do so within an acceptable timeframe.

Man United's Michael Carrick Reveals Managerial Goals as Retirement Looms
Martial had been expected to feature on the final day of the Premier League season at Old Trafford, but was not even on the bench, with reports claiming he had driven away from the ground before kick-off.

IPL 2018: 5 takeaways from Rajasthan Royals' win over Mumbai Indians
During the death overs, Jofra Archer missed a sitter at point as Jaydev Unadkat deceived Ben Cutting with a slower delivery. Mumbai are no strangers to these kinds of situations, as they have made it a habit of coming from behind in previous IPLs.

Karnataka polls -Litmus test for BJP and Congress
In 2005, former Prime Minister Gowda had expelled Siddaramaiah from JD (S) and it was then that Siddaramaiah joined Congress. While he left the decision to the high command, the chief minister told reporters that it will be hard to impose any leader.

Houston Astros wear Rockets gear for road trip
D'Antoni was asked if he thinks the Warriors have seen a team as talented and unsafe as the Rockets are this season. Capela has the opportunity to make a name for himself if he can stay active in the paint against Golden State.

Simpson leads Players Championship by seven strokes
I was 14 back starting today and anything inside a top 10 is an incredible feat over the weekend from that far back. Spieth was five under on his round through 11 holes and wondered if he had the low round of the day.

IMD predicts rain, squall over next 72 hours
Many houses were razed to the ground, hoardings and trees uprooted and power outages reported from various cities and towns. A sudden dust storm and rain hit several parts of Punjab and Haryana, including Faridabad and Gurgaon, on Sunday evening.

US Set To Officially Open Its Israeli Embassy In Jerusalem
In 1995, Congress passed a law mandating the move of the US embassy to Jerusalem , a law that had the support of both parties. A sign on a bridge leading to the US Embassy compound ahead the official opening in Jerusalem, Sunday, May 13, 2018 .

Cowboys DT Maliek Collins suffers broken foot in OTAs
Primarily a backup throughout his career, McClain recorded a career-high 39 tackles and 2.5 sacks while starting 15 games in 2016. The Cowboys did not draft a defensive tackle, but did acquire one during the draft by trading for Oakland's Jihad Ward.

USC Softball Gets 9 Seed And Will Host NCAA Regional
The Florida softball team will host an NCAA Regional for the 14 consecutive season at Katie Seashole Pressly Stadium. The victor of the Columbia Regional will be matched with the victor of the Arizona State Regional.

Motorola working on a foldable smartphone, files a patent for the device
Just a few months ago, the smartphone community was stunned when Microsoft's patents outlining a foldable mobile device emerged. This will be materialized by 2019 with the foldable smartphone to be released in 2018 to be named Andromeda CShell.