Critical PGP & S/MIME Bugs Can Decrypt Plain Text From Emails
technology

EFAIL: Critical PGP & S/MIME Bugs Can Decrypt Plain Text From Emails

It’s unethical but sadly true.

https://dk2dyle8k4h9a.cloudfront.net/EFAIL: Critical PGP & S/MIME Bugs Can Decrypt Plain Text From Emails

PGP and S/MIME that every one of us knows as an email encryption methods are very much vulnerable to hacking. And, through the hacking, even an encrypted message can easily be hacked to get the message from the text. The warning has come directly from Sebastian Schinzel, professor of computer security at the Münster University of Applied Sciences. Through the post, he warned, “There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now.”

Reporting the issue in the blog post in partnership with EFF or Electronic Frontier Foundation along with writing about the same on the twitter, Sebastian Schinzel wrote, “EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.” 

Both Schinzel and the EFF blog post talked about the issues, the measures that could be taken and the vulnerabilities that come along with the threat and advised to uninstall plugins like Thunderbird, Outlook, and Mac OS mail. The instruction advises disabling PGP integration in e-mail clients." Interestingly, there's no advice to remove PGP apps such as Gpg4win or GNU Privacy Guard. Once the plugin tools are removed from Thunderbird, Mail, or Outlook, the EFF post said, "your emails will not be automatically decrypted."

On the similar issues, EFF went ahead on Twitter to announce, "do not decrypt encrypted PGP messages that you receive using your email client." 

 

 

As it is a very new and something of its kind of issues, there is limited information available on the same. However, the twitter message on Schinzel’s news feed used the hashtag #efail, which indicates that researchers will be addressing the issue with the similar hashtag in the upcoming releases. The team of researchers includes some prominent professionals who hold expertise in the subject-matter. The names include Simon Friedberger, Damian Poddebniak, Jens Müller, Jörg Schwenk, Christian Dresen,  juraj somorovsky, and Fabian Ising. Besides Münster University, the researchers also represent Ruhr-University and KU Leuven University.
 

Neha Baluni
Written By
Neha Baluni

Being a Senior Technical Writer at MobileAppDaily, Neha Baluni loves jotting down her piece of opinion for the advancing technology in mobile app world. Having a journalism background, she is a writer by day and a reader by night. Her passion for writing covers different categories of technical and non-technical genre. In addition to writing, Neha loves traveling a lot.

Top Companies

InMobi
Singapore
Dot Com Infoway
New York, USA
M&C Saatchi Mobile
New York City, USA
Techmagnate
New Delhi, India
Fetch
London, UK
View full report

Latest Articles

Join our global community 135K Followers
technology

The Best of 2017 Biggest Tech Stories

Neha Baluni 4 min read  

The year 2017 is already over and we are left with the impressive memories of some of the most influential tech stories from around the world. Be it about the bitcoin or the face recognition technique in Apple’s iPhone X, the year 2017 seemed a massive one for the growth of the technology. The

technology

What Is The Difference Between Windows 10 Home And Windows 10 Pro? Which One Is The Best?

Twinkle Kalkandha 4 min read  

If you are a Windows user, you might come across this decision of choosing between Windows 10 Home and Windows 10 Pro as an upgrade for your computer's operating system.Even if you own a MacBook, we still think you should keep on reading to know the difference between two of the current popu

technology

China’s Tencent Music Raises Nearly $1.1B in U.S. IPO

Vikram Khajuria 2 min read  

China-based music streaming giant, Tencent Music raises $1.1 billion in its U.S. Initial Public Offering(IPO) after evaluating its shares at the bottom of marketed-range.Tencent Music, also the wing of gaming giant Tencent Holdings Ltd, priced its American Depositary Receipts(ADRs) at $13 per sh

technology

How Technology Can Help You Manage Compliance Better

Vikram Khajuria 2 min read  

Whether your operations rely on machine learning, Big Data, or artificial intelligence (AI), it is critical to streamlining your information security monitoring efforts. Having a strong cybersecurity risk mitigation program that is built upon regulatory compliance will help to keep your organization