Critical Flaw Found in PGP and S/MIME Email Clients Like Apple Mail

PGP is leaking your emails in plaintext and there's no known fix

Schinzel and his team's research has been corroborated by Electronic Frontier Foundation (EFF), and has been described in detail by the researchers in a paper published earlier today.

German researchers have warned those using a popular form of email encryption that serious flaws mean their messages could be decoded by attackers. It also name dEnigmail for Thunderbird, GPGTools for Apple Mail and Gpg4win for Outlook as worthy of disablement, and offers instructions on how to do so.

Academics from Münster University of Applied Sciences, along with their peers at Ruhr University Bochum, and KU Löwen in Belgium, said they were able to break two types of encryption that until now were so secure that even intelligence agencies couldn't penetrate.

"If you use PG or S/MIME for sensitive information then this is a big deal", Matt Green, a professor specializing in encryption at Johns Hopkins University, told Ars on Monday.

He said the vulnerabilities "might reveal the plaintext of encrypted emails, including encrypted emails sent in the past" and that there are no current fixes available.

A modified encrypted email sent by the attacker to the victim is decrypted by their email client.

Overwatch Anniversary Event Start Date Leaked
So if you haven't played Overwatch on PlayStation 4, Xbox One, or PC yet, that'll be your chance. Loot box shennanigans not included, I've gotten a lot of playtime out of it.

Pashinyan Invites Renowned US Economist to Restore Armenia's Economy
Nikol Pashinyan hopes for the preservation of good relations with Russian Federation . He also called on the two countries' businesspeople to invest in Armenia.

Duke of Edinburgh appears ready for royal wedding after hip surgery
Prince Philip , who is 96, underwent a hip surgery in April, and has not been seen at many public engagements this spring. The young royal is also an accomplished rider having inherited a love of horses from her grandmother, the Queen.

Werner Koch of GNUPrivacyGuard (GnuPG), an open source PGP privacy suite, said the EFF's warning was "overblown" and said he hadn't been contacted. The Efail attacks do not provide attackers with a method to access a victim's email account, but rather are all about the encryption layer.

In the first exploit, hackers can "exfiltrate" emails in plaintext by exploiting a weakness inherent in Hypertext Markup Language (HTML), which is used in web design and in formatting emails.

Security researchers on May 14 announced a new set of vulnerabilities in the widely deployed S/MIME and OpenPGP email encryption technologies, dubbed Efail. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past.

UPDATE 2: Because some researchers started disclosing details about the vulnerability ahead of schedule, the efail.de website is now live, along with the research paper, both containing more info on the EFAIL vulnerability. The potential for compromised communications increases if the email is part of a group conversation, as the attacker only needs to target one person in the chain to pull off the decryption.

To exploit the weakness, a hacker would need to have access to an email server or the mailbox of a recipient.

Related News:



Most liked

Drake announces 'Aubrey and the Three Amigos Tour' with Migos
Now, hooked on the written word, he's Westword's Culture Editor and writes about music and the arts. Thursday before tickets go on sale to the general public 10 a.m.

Mitt Romney calls pastor delivering United States embassy blessing a 'religious bigot'
Jeffress responded in a tweet of his own by defending his view that "salvation is through faith in Christ alone". Jeffress has been a staunch supporter of the president and is a member of Trump's evangelical advisory panel.

Yates wins stage nine to extend Giro lead as Froome trails
Since the beginning of the day we believed in the possibility of winning the stage as well as defending the Maglia Rosa". Team Sky's Froome is now two minutes and 27 seconds behind Yates and down to 11th place overall.

Jio files complain against Airtel over Apple Watch service, Airtel denies charges
The Apple Watch Series 3 cellular functionality is supported by Apple iPhone 6 and above. Airtel though has denied Jio's accusations.

ICSE results 2018 out: Mumbai boy tops ICSE exam held across India
In 2018, a total of 10,88,891 students took ISC Class 12 exams, out of which 6,28,865 were boys and 4,60,026 were girls. The Teaching duties were figured out by 10K+ staff authorities as per the update followed by the board of ICSE.

MacBook keyboard lawsuit wants Apple to acknowledge bad design
The lawsuit asks for both damages and refunds for anyone who has paid to replace their MacBook's keyboard. Apple's fabled butterfly keyboard has caused issues that's been bugging customers since its inception.

Football Field-sized Asteroid To Zip By Earth
The experts, not being able to completely comprehend the asteroid , again re-imaged it on 10 May and named it as 2010 WC9. Orbit calculations show that the May 15 pass is Earth's closest encounter for an asteroid this size in nearly 300 years.

Royal wedding will have a Tar Heel connection. See who it is
He is the first African-American to lead the Episcopal Church and is known for his inspirational preaching style. This story has been corrected to show that Curry has served as a bishop in North Carolina, not Chicago.

Could a female Muslim superhero film soon be on its way?
When news of Ms Marvel's debut spread like wild fire, fans were quick to share their two cents on the flawless actor for the role. Next, we'll have Ant-Man and the Wasp , which hits cinemas on August 3rd, while Captain Marvel comes out before Avengers 4.

Milla Jovovich to star in Monster Hunter movie
It's one of his big strong points. "That's what it's all about these days, a fresh, different approach", said the company. The film now has a budget of $60 million and will be filmed around South Africa near Cape Town according to Variety .

Andrew McCutchen's return to Pittsburgh was awesome
Nova He blamed himself for not being able to field Pablo Sandoval's sixth-inning grounder. "It's a comebacker I should make. Pirates: RHP Joe Musgrove (strained right shoulder) pitched 5 2/3 no-hit innings in a rehab start at Triple-A Indianapolis.

Walmart OK With Whatever Decision Softbank Takes On Its Flipkart Stake
Post the Walmart-Flipkart, SoftBank reportedly had a second thought about selling its entire Flipkart stake to Walmart. There are also reports that SoftBank was also in discussion with Walmart for deciding its role in Flipkart.

André 3000 Drops New Song - "Me&My" [Stream]
As written by Questlove via Twitter, both of 3000's parents passed within a year of each other thus explaining the title track. Andre 3000 has also joined Instagram where he uploaded an old photo of him with his mom with the caption "I love you mom".

Published render smartphone Moto Z3 Play
There's also the 16-pin connector which gives the device the ability to make use of the newer and older Moto Mods. While the volume rocker is placed on the right edge, the power button with textured finish is on the right edge.

Nawaz Sharif's 26/11 remarks create stir in Pakistan
Former Interior Minister Chaudhry Nisar Ali Khan has hit out hard at Nawaz Sharif over his Mumbai Attack remarks. Sharif is the modern-day Mir Jafar, who collaborated with the British to enslave his nation for personal gains.