Security flaw exposes encrypted email in almost every mail service

Email Encryption Hacked ^(http://bgr.com/2018/05/14/email-encryption-hacked-apple-mail-outlook-and-thunderbird/)

If you’re using encrypted email (PGP and S/MIME) to exchange sensitive data with others, you should consider alternatives until you hear they’re safe again. A security flaw would allow attackers to turn encrypted emails into plaintext.

For the time being, there’s no fix, so your best bet would be to remove these encryption standards from your email communications.

Security researchers in Europe discovered the security flaws, posting on Twitter about the issue.

We’ll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4

— Sebastian Schinzel (@seecurity) May 14, 2018

Sebastian Schinzel, professor of computer security at Münster University of Applied Sciences, said the flaws “reveal the plaintext of encrypted emails, including encrypted emails you sent in the past,” which sounds just as scary as you imagine.

The Electronic Frontier Foundation (EFF) published a blog post on the matter, saying that it can confirm “these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.”

The full details will be published in a paper on Tuesday morning (European time), so you have some time to act:

Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.

The EFF also published guides on disabling PGP plugins in Thunderbird, Apple Mail, and Outlook.

As Ars Technica explains, the threat is real and should be dealt with accordingly until a permanent fix is in place.

Author: Marshmallow
