HackRead
  • April 20th, 2021

PGP and S/MIME protected emails prone to exposure

May 14th, 2018 Waqas Security, Privacy 0 comments

PGP and S/MIME are protocols used to send email securely. However, users are being urged to stop sending email with them, since a serious flaw has been identified that can expose the contents of both new and previously sent encrypted emails.

Reportedly, Sebastian Schinzel, a researcher and professor of computer security at Münster University of Applied Sciences, has identified a flaw that can reveal the “plaintext of encrypted emails including emails sent in the past.”

The issue has become a major cause of concern within the tech community and around 8 researchers from three mainstream European universities are currently working to find out details of the identified flaw.

Uninstall PGP

The Electronic Frontier Foundation (EFF) has also confirmed in its latest blog post that PGP is flawed and can potentially leak the contents of encrypted emails. Users are therefore urged to immediately uninstall or disable tools that automatically decrypt PGP-encrypted email until a patch is released.

The foundation also tweeted to inform users that they should not decrypt PGP-encrypted messages in mail clients since researchers have stated that currently there aren’t any reliable fixes available.

For now, do not decrypt encrypted PGP messages that you receive using your email client. Instead, use non-email based messaging platforms, like Signal, for your encrypted messaging needs.

— EFF (@EFF) May 14, 2018

“Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email,” read the blog post from EFF.

According to GnuPG’s Werner Koch, the EFF is exaggerating the situation, and the foundation hasn’t yet contacted GnuPG. Enigmail’s Robert Hansen, meanwhile, has stated that the call from the EFF is merely a “tempest in a teapot,” about which the company isn’t the “least bit worried.”

Hansen believes that, instead of releasing the news publicly, the foundation should have reached out to the companies involved, and he claims that users can use the newest Enigmail version confidently.

Koch further added that the researchers have identified mail clients that do not properly check for decryption errors and that follow links in HTML emails, which means the flaw is not in the protocols but in the mail clients.

“In fact, OpenPGP is immune if used correctly while S/MIME has no deployed mitigation,” tweeted Koch on behalf of GnuPG.

They figured out mail clients which don't properly check for decryption errors and also follow links in HTML mails. So the vulnerability is in the mail clients and not in the protocols. In fact OpenPGP is immune if used correctly while S/MIME has no deployed mitigation.

— GNU Privacy Guard (@gnupg) May 14, 2018
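The two client-side checks Koch describes can be sketched as follows. This is an added example, not code from the article, GnuPG or any mail client; it assumes the client runs `gpg` with `--status-fd` and collects the status lines, and the function names, status lines and HTML body are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes through which an HTML renderer fetches or follows a URL.
URL_ATTRS = {"src", "href", "background", "poster", "action", "srcset"}
REMOTE_PREFIXES = ("http://", "https://", "ftp://", "//")


class RemoteRefFinder(HTMLParser):
    """Collect (tag, attribute, url) for every remote reference in a mail body."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                if value.strip().lower().startswith(REMOTE_PREFIXES):
                    self.refs.append((tag, name, value))


def decryption_ok(status_lines):
    """True only if gpg reported DECRYPTION_OKAY and no failure keyword."""
    keywords = {parts[1] for parts in (l.split() for l in status_lines)
                if len(parts) > 1 and parts[0] == "[GNUPG:]"}
    if keywords & {"DECRYPTION_FAILED", "BADMDC"}:
        return False
    return "DECRYPTION_OKAY" in keywords


def render_decision(status_lines, html_body):
    """Decide how a client should treat a decrypted HTML part.

    'reject'                -> decryption error: show nothing from the body
    'render-without-remote' -> show it, but fetch none of the listed URLs
    'render'                -> no remote references found
    """
    if not decryption_ok(status_lines):
        return "reject", []
    finder = RemoteRefFinder()
    finder.feed(html_body)
    finder.close()
    return ("render-without-remote" if finder.refs else "render"), finder.refs


# Constructed sample inputs (not captured from a real client).
GOOD_STATUS = ["[GNUPG:] BEGIN_DECRYPTION", "[GNUPG:] DECRYPTION_OKAY",
               "[GNUPG:] GOODMDC", "[GNUPG:] END_DECRYPTION"]
BAD_STATUS = ["[GNUPG:] BEGIN_DECRYPTION", "[GNUPG:] DECRYPTION_FAILED",
              "[GNUPG:] END_DECRYPTION"]
SAMPLE_HTML = '<p>Report attached.</p><img src="https://mail.example/logo.png">'
```

A missing `DECRYPTION_OKAY` is treated the same as an explicit failure, so a truncated or empty status stream never results in the body being shown.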

However, we do know that the EFF usually doesn’t release warnings without sound reasoning, and this time too there must be some solid reason behind the sudden response. The EFF also stated in its blog post that:

“Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.”

We are still awaiting complete details about the vulnerability, which are expected to be released on Tuesday at 7 am UTC. In the meantime, the EFF has provided guidelines for disabling PGP: you can disable it in Outlook using Gpg4win, in Thunderbird using Enigmail, and in Apple Mail using GPGTools.

ProtonMail not affected

In an email conversation, the world-renowned encrypted email service, which uses the PGP protocol, said that its service is not affected by the flaw. The company’s spokesperson said that the flaw is not new and has existed since 2001, which makes it a seventeen-year-old flaw.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
