“European researchers have found that the popular PGP and S/MIME email encryption standards are vulnerable to being hacked and they urge users to disable and uninstall them immediately,” Douglas Busvine reports for Reuters. “University researchers from Muenster and Bochum in Germany, and Leuven in Belgium, discovered the flaws in the encryption methods that can be used with popular email applications such as Microsoft Outlook and Apple Mail.”
“‘There are currently no reliable fixes for the vulnerability,’ lead researcher Sebastian Schinzel, professor of applied cryptography at the Muenster University of Applied Sciences, said on Monday. ‘If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now,’” Busvine reports. “Titling the exploit ‘Efail’ (https://efail.de), they wrote that they had found two ways in which hackers could effectively coerce an email client into sending the full plaintext of messages to the attacker.”
“In a blog post, the EFF recommended that PGP users uninstall or disable their PGP email plug-ins while the research community evaluates the seriousness of the flaws reported by the European research team,” Busvine reports. “It also said that users should switch for the time being to non-email-based secure messaging apps such as Signal for sensitive communications.”
MacDailyNews Take: Mac users of PGP-encrypted email should immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. iOS users should disable “Load Remote Images” in Mail settings. See the article below for more details.
How to protect yourself from the EFAIL vulnerability on Mac and iOS – May 14, 2018