Critical flaw found in email encryption tools2018-05-15 10:09 by Daniela
European researchers have found that the popular PGP and S/MIME email encryption standards are vulnerable to being hacked and they urge users to disable and uninstall them immediately.
The weakness could allow a hacker to expose plaintext versions of encrypted messages—a nightmare scenario for users who rely on encrypted email to protect their privacy, security, and safety.
The researchers dubbed the flaw "EFail," and say it affects over a dozen email clients, such as Apple Mail, Microsoft's Outlook, and Thunderbird, which either support a plugin tool or use a native standard for their encryption.
If an encrypted email using those clients is intercepted in transit, an attacker could use the new vulnerability to modify the email, adding malicious HTML code before sending it to the target. When the target opens the new email, the malicious code could be used to send back the plaintext of the email.
For PGP users, the researchers created a page with more information on how you can protect yourself from the EFail threat. They warn that the flaw won't be fully fixed until the IT community updates the PGP and S/MIME standards.
Read more -here-