Researchers warn of critical flaw affecting PGP and S/MIME

PSA PGP and S  MIME are broken and leaking encrypted emails – stop using them right now

Critical unpatched vulnerabilities in widely-used email encryption tools PGP and S/MIME have been discovered by a team led by Sebastian Schinzel, professor of Computer Security at the Münster University of Applied Sciences.

German researchers have warned those using a popular form of email encryption that serious flaws mean their messages could be decoded by attackers. Service providers have been requested by the EFF to communicate the news to all users and request them to disable all related security plugins including Thunderbird with Enigmail, Apple mail with GPG tools, Outlook with GPG4win.

The use of PGP - short for Pretty Good Privacy - for secure communications has been advocated, among others, by Edward Snowden, who blew the whistle on pervasive electronic surveillance at the U.S. National Security Agency before fleeing to Russian Federation.

For the HTML risk, the researchers advise that OpenPGP and S/MIME users simply disable HTML rendering.

European researchers have found that the popular PGP and S/MIME email encryption standards are vulnerable to being hacked, leading them to urge people to disable and uninstall them immediately.


S/MIME is very similar to PGP except that instead of users defining their own encryption methods and web of trust (how to share their private encryption keys), S/MIME uses predefined encryption standards and public-private keypairs distributed by a trusted authority. The researchers explain that there are two main types: Direct exfiltration attacks (which target weak points in Apple Mail, iOS Mail and Mozilla Thunderbird) and CBC/CFB gadget attacks.

According to encryption software GNU Privacy Guard (GnuPG), the problem comes from email programs that fail to check for decryption errors properly and follow links in emails that included HTML code. "They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past".

"The victim's email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker".

The team's leader researcher, Sebastien Schinzel, admitted that: "E-mail is no longer a secure communication medium". Then the emails are changed in a particular way and sent to a victim. The Foundation which has been in communication with the researchers has advised users to "temporarily stop sending and especially reading PGP-encrypted email".

Related News:



Most liked

Italy's new government makes economic promises
The leader of the country's anti-establishment Five Star Movement says he has reached an accord with the right-wing League. If Mattarella is satisfied with their choice, Italy could have a government in place by the end of the week.

Atletico Drag UEFA To CAS Over Simeone Ban
Madrid plays Villarreal in the final round of the Liga season before the Champions League final on May 26 in Kiev. In other matches, Valencia won at Girona 1-0, Alaves beat Athletic Bilbao 3-1, and Eibar edged Las Palmas 1-0.

ICSE 10th Result 2018 declared at cisce.org, Pass Percentage 98.51
While 49 students got more than 99 percent in the Class 12 exam, 15 students scored more than 99 percent in the Class 10 exam. Out of 73,633 students who appeared for the ISC exam, 71,033 passed and the percentage recorded was 96.56 %.

Jos Buttler delivers again, keeps Rajasthan Royals in the hunt
Just like Archer's variations in speed, Royals will hope he can take them from one extreme to another in the league. Mumbai Indians , thanks to their recent good form, are the overwhelming favourites to take this contest.

AMG GT Roadster range expands with 384kW 'S'
The company also offers an AMG carbon-fibre package and an AMG Night package as a few optional packages for the exterior. The model, which is based on the standard GT S, has been slotted between the AMG GT Roadster and the AMG GT C Roadster .

'Lost' asteroid to pass closely May 15
The asteroid will fly over the earth at a staggering 28,000 miles per hour and it will be between 60 and 130 meters. Our display will update every five seconds", Guy Wells , the founding member of the observatory, told EarthSky .

Sonam Kapoor ties the knot!
Other actresses including Hazel Keech, Sagarika Ghatge and Sonam Kapoor chose to wear red on their wedding day itself. Sonam Kapoor known not just for her powerful on-screen performances but also for her great taste in fashion.

Iran Welcomes Restoration of Peace, Security to Armenia
Alternation of power in Armenia may not mean a great change of the course of the country, Estonian Foreign Minister Sven Mikser said .

Ken Early: Manchester City are their own best enemies
The stunning form of Pierre-Emerick Aubameyang since completing a club record move in January does offer a glimmer of hope. I want the best for my friends and he's a friend of mine and I want the best.

Marvel Studios Confirms Ms. Marvel (Kamala Khan) for the MCU
The news came via Twitter used StaarksHeart , who posted a clip of a longer interview Feige conducted with the BBC . The character got her very own Marvel series back in 2014, and has been something of a fan favorite ever since.

Nigerian Mother Sues United Airlines for Kicking Her, Children Out of Plane
When flight attendant couldn't resolve the conflict, Obioma agreed to take his spot to solve the matter, according to the lawsuit. She tried to explain she wanted to take her children to school in Canada but the crew members refused to let her board the plane.

Borussia Dortmund coach Peter Stoeger not staying on
Former Borussia Monchengladbach coach Lucien Favre is tipped to leave French side Nice to replace him. Peter Stoger was a surprising choice by Dortmund but only time will tell if it was the right one.

Mother's Day Music: Andre 3000 Releases Two New Tracks For Mother's Day
The second track, " Look Ma No Hands " is a 17-minute jazz-influenced instrumental with assistance on the piano from James Blake . Titled "Me & My (To Bury Your Parents)" and " Look Ma No Hands ", the singles are part of an EP called Look Ma No Hands .

Flipkart's Big Shopping Days sale: Huge discounts, 100% cashback for 4 days
Samsung Galaxy S8: Discount of Rs 12,000 The Samsung Galaxy S8 is also available a pretty good discount during the four-day sale. Redmi 5 with 3GB RAM and 32GB storage is priced at Rs 8,999 during the sale with Amazon adding another Rs 8,001 off on exchange.

Pakistan played a role in 26/11 Mumbai terror attacks: Nawaz Sharif
Afghanistans narrative is being accepted, but ours is not. "We must look into it", he said before speaking on the Mumbai attack. The Minister said it proved India's position that the handlers of 26/11 Mumbai terror attack were in Pakistan.