Emails Are No Longer Secure – Critical Flaw in PGP
Email Are No Longer Secure: The Security Researchers have found a vulnerabilities in PGP or S/MIME Email Encryption methods which is known as the EFAIL which aims at exposing the encrypted emails into the simple plain text even all the messages which were transferred in past.
“Now Emails is no longer a secure way of communication medium,” Sebastian Schinzel, Professor at Germany’s Munster University of Applied Sciences, He told the German news outlet Suddeutschen Zeitun.
This vulnerability was reported by the Electronic Frontier Foundation on the Monday Morning and those details after this report were updated on the Internet at 6 AM today.
Many groups of the people were saying to stop using the PGP services.
The Researchers confirmed that there is not yet an immediate fix available to this vulnerability.
“The EFAIL attacks have exploit the vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails.
In simple terms, EFAIL abuses active content of HTML emails, for example the externally loaded images or the styles, to exfiltrate the plaintext through the requested URLs.
For attackers to create this exfiltrate channels they first needs to have the access to encrypted emails, by evasdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. These emails could even have been collected years ago.
PGP (Pretty Good Privacy) is an encryption algorithm which is considered as the Gold Standard for security of emails which was at the first developed in the late 1991.
The PGP encryption became the standard of the market in the 21st century but after this breach, there will be a significant reduction of clients taking an advantage of this algorithm.
“They figured out that the mails clients which don’t work properly to check the decryption errors and also they do follow the links in HTML emails format.
So the vulnerability is in the email client itself and not in the protocols.
In fact, OpenPGP is an immune if used in the correct way awhile S/MIME has no deployed mitigation,”GNU Privacy Guard said on Twitter.