Email encryption flaws can expose Apple Mail, Outlook, and Thunderbird messages

Computer encryption

Computer encryption

Users of the said software have been advised to immediately disable it in email clients.

The team had been due to publish its full findings on Tuesday but rushed them out after the news made waves among the community of encrypted email users that includes activists, whistleblowers and journalists working in hostile environments. The reason is that a team of European researchers has found critical flaws in the encryption standards and now there are no fixes available.

During the tests, which have been quickly dubbed "Efail" by German media, the team was able to trick computers into covertly forwarding them decrypted messages.

By comparison, the Gadget Attack affects a much wider variety of mail clients, including Microsoft's Outlook, but ranges in efficacy based on whether it's used against PGP or S/MIME encryption.

More news: NES Classic Coming Back June 29

The research paper details multiple different approaches that the vulnerabilities can be used in to decrypt S/MIME and OpenPGP encrypted emails in vulnerable clients.

The vulnerabilities in PGP and S/MIME standards pose an immediate risk to email communication including the potential exposure of the contents of past messages, said the Electronic Frontier Foundation (EFF), a US digital rights group.

EFF said in a blog post that users should uninstall PGP until the flaw is patched.

The researchers warned that both tools can no longer sufficiently guarantee the security of encrypted messages. Instead, the flaw is in various email programs that failed to check for "decryption errors properly before following links in emails that included HTML code".

More news: 23 killed after heavy rain, dust storms lash parts of India

In a tweet, Koch said the vulnerability is primarily in the email clients and not in the protocols.

For the HTML risk, the researchers advise that OpenPGP and S/MIME users simply disable HTML rendering.

PGP or Pretty Good Privacy was developed in 1991 by Phil Zimmermann.

The use of PGP for secure communications has been advocated, among others, by Edward Snowden, who blew the whistle on pervasive electronic surveillance at the US National Security Agency before fleeing to Russian Federation. In today's world of the Internet of Things (IoT), more and more devices are connected to each other and this poses a great cybersecurity risk.

More news: Petrol Price Hiked After 19 Day Pre-Karnataka Poll Hiatus

Academics from Münster University of Applied Sciences, along with their peers at Ruhr University Bochum, and KU Löwen in Belgium, said they were able to break two types of encryption that until now were so secure that even intelligence agencies couldn't penetrate. The core technology behind this chip is the memristor, or memory resistor.

Recommended News

  • Chili's says 'data incident' may have exposed credit card info

    Chili's says 'data incident' may have exposed credit card info

    We deeply value our relationships with our Guests and sincerely apologize to those who may have been affected. The company is using third party forensic experts to determine the extent of the breach.
    Israel kicks off US Embassy celebration, boosts border force

    Israel kicks off US Embassy celebration, boosts border force

    Forty-two Palestinians have been killed and over 1,800 have been wounded by Israeli fire since weekly protests began on March 30. Israel says it is protecting a sovereign border and accuses Hamas of using the unrest to plan and carry out attacks.
    NHC eyeing tropical disturbance in the Gulf of Mexico

    NHC eyeing tropical disturbance in the Gulf of Mexico

    Long range data suggests a blocking pattern will setup across the country, so the unsettled pattern may linger past the weekend. The big impact will be the heavy rainfall, although that's not necessarily a bad thing since many areas have recently been dry.
  • Will give in writing that BJP will win with absolute majority: Yeddyurappa

    Will give in writing that BJP will win with absolute majority: Yeddyurappa

    However, this is also a crucial election for the BJP, which has won in Karnataka only once before. Siddaramaiah told reporters here he did not find the electoral contest with JD (S) candidate G.T.
    The OnePlus 6 Was Briefly Listed On Amazon Germany

    The OnePlus 6 Was Briefly Listed On Amazon Germany

    Just a few days before launch, WinFuture has revealed what appears to be the first crystal clear images of the OnePlus 6 . OnePlus recently claimed that OnePlus 6 camera would rival those of Samsung Galaxy S9 , Apple iPhone X and Google Pixel 2.
    Four Earn NCAA Softball Regional Bids

    Four Earn NCAA Softball Regional Bids

    The victor of the Fayetteville Regional will play the victor of the Norman (Okla.) Regional in the super regional round. CT Friday evening, with Houston and Louisiana-Lafayette playing in the first game of the regional at 3 p.m.
  • India responsible for slow pace of 26/11 trial: Pak ex-minister

    India responsible for slow pace of 26/11 trial: Pak ex-minister

    ARY Television anchor Kashif Abbasi led the attack, commenting that Sharif had let Pakistan down to gain cheap publicity in India. Ms Rehman said no democratic state would ever allow non-state actors to go maim, plunder and loot across its border.
    Prince Philip spotted with the Queen for first time since hip surgery

    Prince Philip spotted with the Queen for first time since hip surgery

    Philip, 96, has been ensconced in his Windsor Castle home with the Queen since leaving hospital in London on 13th April. Philip was photographed sitting at the wheel of a 4×4, chatting to the Queen through the vehicle's open window.
    East Orchard Mesa girl in 'fair' condition after bear attack

    East Orchard Mesa girl in 'fair' condition after bear attack

    According to neighbors who spoke to a reporter from ABC News , the family does have cows, goats, and pigs in their yard. Colorado Parks and Wildlife officers are trying to find the bear with the help of federal wildlife services personnel.
  • Near Earth an asteroid about the size of the Statue of Liberty

    Near Earth an asteroid about the size of the Statue of Liberty

    Astronomers think that in spite of its dimension as well as range to Earth, 2010 WC9 will securely zoom past the planet. It is bigger than the Chelyabinsk meteor, which broke up entering the Earth's atmosphere five years ago in 2013.
    Amazon Summer Sale: Best deals on smartphones

    Amazon Summer Sale: Best deals on smartphones

    Samsung Galaxy S8: Discount of Rs 12,000 The Samsung Galaxy S8 is also available a pretty good discount during the four-day sale. Customers making purchases above Rs 250 using digital wallet Amazon Pay can get an extra 10 per cent cashback up to Rs 300.
    Xerox refused to merge with Fujifilm

    Xerox refused to merge with Fujifilm

    He was hired back in March by Icahn and Deason as a consultant in their campaign to try and block the Fuji deal. Xerox said earlier this month that it was seeking better terms for a proposed merger with Fujifilm.

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.