Critical PGP & S/MIME Bugs Can Decrypt Plain Text From Emails
technology

EFAIL: Critical PGP & S/MIME Bugs Can Decrypt Plain Text From Emails

It’s unethical but sadly true.

https://dk2dyle8k4h9a.cloudfront.net/EFAIL: Critical PGP & S/MIME Bugs Can Decrypt Plain Text From Emails

PGP and S/MIME that every one of us knows as an email encryption methods are very much vulnerable to hacking. And, through the hacking, even an encrypted message can easily be hacked to get the message from the text. The warning has come directly from Sebastian Schinzel, professor of computer security at the Münster University of Applied Sciences. Through the post, he warned, “There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now.”

Reporting the issue in the blog post in partnership with EFF or Electronic Frontier Foundation along with writing about the same on the twitter, Sebastian Schinzel wrote, “EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.” 

Both Schinzel and the EFF blog post talked about the issues, the measures that could be taken and the vulnerabilities that come along with the threat and advised to uninstall plugins like Thunderbird, Outlook, and Mac OS mail. The instruction advises disabling PGP integration in e-mail clients." Interestingly, there's no advice to remove PGP apps such as Gpg4win or GNU Privacy Guard. Once the plugin tools are removed from Thunderbird, Mail, or Outlook, the EFF post said, "your emails will not be automatically decrypted."

On the similar issues, EFF went ahead on Twitter to announce, "do not decrypt encrypted PGP messages that you receive using your email client." 

 

 

As it is a very new and something of its kind of issues, there is limited information available on the same. However, the twitter message on Schinzel’s news feed used the hashtag #efail, which indicates that researchers will be addressing the issue with the similar hashtag in the upcoming releases. The team of researchers includes some prominent professionals who hold expertise in the subject-matter. The names include Simon Friedberger, Damian Poddebniak, Jens Müller, Jörg Schwenk, Christian Dresen,  juraj somorovsky, and Fabian Ising. Besides Münster University, the researchers also represent Ruhr-University and KU Leuven University.
 

Neha Baluni
Written By
Neha Baluni

Being a Senior Technical Writer at MobileAppDaily, Neha Baluni loves jotting down her piece of opinion for the advancing technology in mobile app world. Having a journalism background, she is a writer by day and a reader by night. Her passion for writing covers different categories of technical and non-technical genre. In addition to writing, Neha loves traveling a lot.

Top Companies

01.
InMobi
Singapore
02.
Dot Com Infoway
New York, USA
03.
M&C Saatchi Mobile
New York City, USA
04.
Techmagnate
New Delhi, India
05.
Fetch
London, UK
View full report

Latest Articles

technology

Online Gaming: Defining India's New Age Players

Akash Singh Chauhan 4 min read  

India is all set for a stellar growth in the field of online games in the next five years. As per a joint report by Google India and KPMG, India's online games industry will grow by $1 billion from the present $360 million by 2021, registering a 20 percent growth. Further, the Indian gaming worl

technology

Uber's Self Driving SUV Killed A Women In Arizona

Akash Singh Chauhan 4 min read  

Uber is facing a serious problem with its autonomous vehicle project after one of its self-driving vehicles killed a 49-year-old woman. On Sunday night, Elaine Herzberg was walking down the street at Tempe, Arizona when a self-driving Volvo XC90 SUV crashed her. According to the Tempe police departm

technology

Linux Releases Juno Beta 1 Developers Preview

Vikram Khajuria 4 min read  

Finally, Elementary OS Developers has unveiled the first ever beta version of the upcoming version of Juno. The company has named it as the Developer Preview and is rolled out for developers to test new features.The new release is all about integrating various design improvements and UX tweaks;

technology

'Kiss Connectivity': The Future of Data Transfer Technology?

Ariana Johnson 4 min read  

Technology is evolving with the too much pace and once in awhile there is something new  that changes the whole world. Over the two decades, we have observed many technology replacements which totally astonished the human race. From screen touch smartphones to the VR technology, there are numbe