ibusinesslines.com August 21, 2018

Experts have warned of the danger to encrypt emails

14 May 2018, 07:12 | Jodi Jackson

Daniel Sambraus—EyeEm Getty Images

Daniel Sambraus—EyeEm  Getty Images

Security experts are warning PGP users to disable tools that automatically decrypt PGP-encrypted email after the discovery of a critical vulnerability which could help attackers read protected emails. The flaw, named EFAIL, reportedly affects both sent and received messages, including past correspondence. PGP encryption is used by some of the bigger guys such as Apple Mail, Outlook, and Thunderbird.

The use of PGP - short for Pretty Good Privacy - for secure communications has been advocated, among others, by Edward Snowden, who blew the whistle on pervasive electronic surveillance at the U.S. National Security Agency before fleeing to Russian Federation. Dmitri Strukov, a professor of electrical and computer engineering at the University of California, and his team are working to put an additional security measure on internet-connected devices to prevent hackers from cloning them. The reason is that a team of European researchers has found critical flaws in the encryption standards and now there are no fixes available.

The advice of the EFF and Schinzel mirror one another: disable any plug-ins using PGP, stop sending and reading PGP-encrypted email and use other channels using end-to-end encryption like Signal for the time being. Instead, the flaw is in various email programs that failed to check for "decryption errors properly before following links in emails that included HTML code".

More specifically, the vulnerability has been discovered in the PGP or S/MIME software for email encryption. "They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past".

The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim.

EFF said in a blog post that users should uninstall PGP until the flaw is patched.

Another short term fix that the security researchers suggest is that OpenPGP and S/MIME users decrypt emails, outside of their primary email client.

It added, however, that it considered the encryption standards themselves to be safe if correctly implemented and configured.

Disabling PGP and S/MIME are seen as conservative stopgaps until proper mitigation can be applied more broadly.

To exploit the weakness, a hacker would need to have access to an email server or the mailbox of a recipient. The Efail attacks rely on external communication and if a user is decrypting emails in a standalone application, the risks are somewhat muted.

Other News

Trending Now

Ryan Reynolds Plays 'Deadpool' Video Game for the First Time
Catch Reynolds in Deadpool 2 , which hits theaters on May 18 in the US, May 15 in the United Kingdom and May 16 in Australia. He informed the judges that he hadn't told anyone of his surprise appearance on the show, including wife Blake Lively .

Xerox drops Fujifilm merger plan, strikes a deal with activists
As part of its choice to call off the merger contract, Xerox fired its chief executive Jeff Jacobson in ancient might. A spokesperson said: "Fujifilm disputes Xerox's unilateral decision to terminate the transaction".

The one royal wedding tradition you probably never knew about
He was spotted chatting to the Queen through the car's open window, and also pictured watching the show with a pair of binoculars. Princess Anne visited her father at the King Edward VII hospital where she said the Duke was "in good form".

Fielding miscue dooms Pirates in 5-0 loss to Giants
Pirates: RHP Joe Musgrove (right shoulder strain) will have one more rehab start after throwing 5 2/3 innings on Saturday. A few thoughts and observations about where the Pirates have been over the past few days and where they're headed ...

Pour One Out For The Monster Hunter Movie Already
The film will have a budget of around $60 million from Constantin Film, and will be shot around Cape Town in South Africa. Not much is known about the film right now, although presumably it will involve a bunch of people hunting monsters.

Delay in ICSE, CBSE results worries students
Seven of the 13 toppers in the Class 10 ICSE exams and six of the 49 toppers in the Class 12 ISC exams are from Mumbai city. The pass percentage of the ISC Class 12 Results was 96.56 per cent in 2017, nearly same as 2016's 96.46 per cent.

Russia, Iran discuss nuclear deal after USA withdrawal
After the Chinese capital, Zarif will attend talks in Moscow and Brussels with representatives of the pact's other signatories.