PGP and S/MIME, which most of us know as email encryption methods, are vulnerable to attack, and through that attack even an encrypted message can easily be broken to recover its plaintext. The warning comes directly from Sebastian Schinzel, professor of computer security at the Münster University of Applied Sciences. In his post, he warned, “There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now.”
Reporting the issue in a blog post in partnership with the Electronic Frontier Foundation (EFF), and also writing about it on Twitter, Sebastian Schinzel wrote, “EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.”
Both Schinzel and the EFF blog post discussed the vulnerabilities, the risk they pose, and the measures that can be taken, and advised uninstalling the PGP plugins for email clients such as Thunderbird, Outlook, and Mac OS Mail. The instruction advises disabling PGP integration in e-mail clients. Interestingly, there is no advice to remove PGP apps such as Gpg4win or GNU Privacy Guard. Once the plugin tools are removed from Thunderbird, Mail, or Outlook, the EFF post said, "your emails will not be automatically decrypted."
On the same issue, EFF also announced on Twitter, "do not decrypt encrypted PGP messages that you receive using your email client."
There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now. Also read @EFF’s blog post on this issue: https://t.co/zJh2YHhE5q #efail 2/4 — Sebastian Schinzel (@seecurity) May 14, 2018
As the issue is very new and the first of its kind, limited information is available about it. However, the Twitter message on Schinzel’s feed used the hashtag #efail, which indicates that the researchers will address the issue under the same hashtag in upcoming releases. The research team includes prominent professionals with expertise in the subject matter: Simon Friedberger, Damian Poddebniak, Jens Müller, Jörg Schwenk, Christian Dresen, Juraj Somorovsky, and Fabian Ising. Besides Münster University, the researchers also represent Ruhr-University and KU Leuven University.