The Internet’s two most widely used methods for encrypting email—PGP and S/MIME—are vulnerable to hacks that can reveal the plaintext of encrypted messages, a researcher warned late Sunday night. He went on to say there are no reliable fixes and to advise anyone who uses either encryption standard for sensitive communications to remove them immediately from email clients.
The flaws “might reveal the plaintext of encrypted emails, including encrypted emails you sent in the past,” Sebastian Schinzel, a professor of computer security at Münster University of Applied Sciences, wrote on Twitter. “There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now.”
There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now. Also read @EFF’s blog post on this issue: https://t.co/zJh2YHhE5q #efail 2/4
— Sebastian Schinzel (@seecurity) May 14, 2018
Schinzel referred people to this blog post published late Sunday night by the Electronic Frontier Foundation. It said: “EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.”