Researchers Warn Of Critical PGP And S/MIME Email Encryption Vulnerabilities

PSA: PGP and S/MIME are broken and leaking encrypted emails – stop using them right now

The article then provides links to guides on how to temporarily disable PGP plug-ins in Thunderbird with Enigmail, Apple Mail with GPGTools, and Outlook with Gpg4win. The victim's email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.
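A receiving system can check a message for the external-content loading described above before anything is rendered. The following Python code is an added example, not code from the researchers or the article: it lists every reference in an HTML body that a mail client would fetch automatically on display. The function names, the attribute list and the sample body are assumptions made for illustration.

```python
# Added example (not from the article): names and sample data are illustrative.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

FETCH_ATTRS = {"src", "background", "poster"}  # fetched on render, no click needed
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

def is_remote(url):
    url = url.strip()
    return url.startswith("//") or urlsplit(url).scheme.lower() in {"http", "https", "ftp"}

class RemoteContentFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []        # (tag, location, url) triples
        self._in_style = False

    def _note(self, tag, where, urls):
        self.findings += [(tag, where, u) for u in urls if is_remote(u)]

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"   # <style> content is raw text until </style>
        for name, value in attrs:
            if name in FETCH_ATTRS or (tag == "link" and name == "href"):
                self._note(tag, name, [value or ""])
            elif name == "style":
                self._note(tag, "style", CSS_URL.findall(value or ""))

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self._note("style", "css", CSS_URL.findall(data))

def find_remote_content(html_body):
    """Return every reference a renderer would fetch from the network."""
    finder = RemoteContentFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings

# Constructed sample body; the example.* hosts are placeholders.
SAMPLE = """<link rel="stylesheet" href="https://cdn.example.net/mail.css">
<style>body { background: url('http://img.example.net/bg.png'); }</style>
<img src="cid:logo@example.org"><img src="https://img.example.net/banner.png">
<td style="background-image:url(//img.example.net/cell.gif)">x</td>
<a href="https://example.org/report">open report</a>"""
```

Running `find_remote_content(SAMPLE)` reports the stylesheet link, the two CSS `url()` references and the remote image, while the inline `cid:` image and the ordinary hyperlink (which needs a click) are not flagged. A non-empty result on a decrypted message is a reason to show it with remote content blocked.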

In the short term, the researchers and the Electronic Frontier Foundation (EFF) recommend users disable PGP plugins and use non-email based messaging platforms to decrypt messages until a long-term solution is developed. "We devise working attacks for both OpenPGP and S/MIME encryption, and show that exfiltration channels exist for 23 of the 35 tested S/MIME email clients and 10 of the 28 tested OpenPGP email clients".

The vulnerability requires several steps for an attacker to intercept encrypted emails, but reveals a crack in PGP's armor.

Prior to the leak, Schinzel stated that there were "no reliable fixes", and recommended that affected users disable breached encryption software. Encrypting messages is still safer than not encrypting them (EFAIL basically just lets attackers read messages they've already compromised in some other way), but it's still not enough to truly protect the contents of those emails.

"EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs".


A group of computer security researchers in Europe say they have discovered vulnerabilities that relate to two techniques used to encrypt emails and data: PGP and S/MIME.

The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. "If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now", Schinzel wrote in a tweet. However, it's important to note that the PGP (Pretty Good Privacy) flaw isn't in the core protocol of PGP, reports the BBC.

In its blog post announcing the insecurity of email, the EFF suggests you use an app called Signal that can be used on mobile devices and computers. That's because EFAIL can be stopped by using authenticated encryption; OpenPGP started to support authenticated encryption in 2001.

Germany's Federal Office for Information Security said that the method used exposes a "serious weakness" in the PGP and S/MIME encryption standards. The importance of email encryption went mainstream after whistleblower Edward Snowden revealed the extent of the US government's electronic surveillance in 2013.
