A researcher warned the world on late Sunday night that PGP and S/MIME, the two most heavily utilized encryption methods for email, can easily be hacked and the attacker can easily get access to the plain text of a message.
Prof. of computer security, Sebastian Schinzel, Münster University of Applied Sciences, tweeted, “The errors can expose the plain text of the encrypted e-mails, as well as the encrypted email sent in the past.” There are no reliable solutions for this flaw. In case you are using S/MIME or PGP/GPG for email encryption to send sensitive information via e-mail, you should disable it.
He further added, “On May 15, 2018, we are going to release a document with mentioned vulnerabilities in S/MIME and PGP/GPG encryption methodologies. A team of Europe-based security researcher has published a warning regarding the vulnerabilities impacting the users.
Schinzel said, “EFF is been in touch with the team of investigators, and can verify the vulnerabilities which impact immediately to the user using these techniques of encryption for emails, as well as the potential exposure of past message.
Both the EFF and Schinzel blog post pointed to the EFF guidelines for disabling the plug-ins in MacOS, Thunderbird, and Outlook email applications. The guidelines mention only to disable the plug-in and not specifically to uninstall them. The EFF posts mentioned, “Your emails will not be decrypted automatically.” The EFF officials tweeted, “Do not decrypt the emails encrypted with PGP technique by utilizing your email application.”
As per the report by the security researches and the EFF confirmation about the vulnerabilities, it is significant to consider the recommendation of disabling the S/MIME and PGP/GPG encryption methods in an e-mail client and stay connected for additional details to be published soon. And more details about the same will be published as gathered by the research team and confirmed by EFF.