Email encryption flaws can expose Apple Mail, Outlook, and Thunderbird messages

Edward Snowden

Edward Snowden

Users of the said software have been advised to immediately disable it in email clients.

The team had been due to publish its full findings on Tuesday but rushed them out after the news made waves among the community of encrypted email users that includes activists, whistleblowers and journalists working in hostile environments. The reason is that a team of European researchers has found critical flaws in the encryption standards and now there are no fixes available.

During the tests, which have been quickly dubbed "Efail" by German media, the team was able to trick computers into covertly forwarding them decrypted messages.

By comparison, the Gadget Attack affects a much wider variety of mail clients, including Microsoft's Outlook, but ranges in efficacy based on whether it's used against PGP or S/MIME encryption.

More news: Panchayat polls: Stray incidents of violence in WB

The research paper details multiple different approaches that the vulnerabilities can be used in to decrypt S/MIME and OpenPGP encrypted emails in vulnerable clients.

The vulnerabilities in PGP and S/MIME standards pose an immediate risk to email communication including the potential exposure of the contents of past messages, said the Electronic Frontier Foundation (EFF), a US digital rights group.

EFF said in a blog post that users should uninstall PGP until the flaw is patched.

The researchers warned that both tools can no longer sufficiently guarantee the security of encrypted messages. Instead, the flaw is in various email programs that failed to check for "decryption errors properly before following links in emails that included HTML code".

More news: Chili's says 'data incident' may have exposed credit card info

In a tweet, Koch said the vulnerability is primarily in the email clients and not in the protocols.

For the HTML risk, the researchers advise that OpenPGP and S/MIME users simply disable HTML rendering.

PGP or Pretty Good Privacy was developed in 1991 by Phil Zimmermann.

The use of PGP for secure communications has been advocated, among others, by Edward Snowden, who blew the whistle on pervasive electronic surveillance at the US National Security Agency before fleeing to Russian Federation. In today's world of the Internet of Things (IoT), more and more devices are connected to each other and this poses a great cybersecurity risk.

More news: Gotham renewed for fifth and final season at Fox

Academics from Münster University of Applied Sciences, along with their peers at Ruhr University Bochum, and KU Löwen in Belgium, said they were able to break two types of encryption that until now were so secure that even intelligence agencies couldn't penetrate. The core technology behind this chip is the memristor, or memory resistor.

Recommended News

  • Mercedes-AMG GT S Roadster Blows Its Top

    Mercedes-AMG GT S Roadster Blows Its Top

    The company did not announce a price, but CNET expects the price to slide in between the $125,000 GT and the $157,000 GT S. Just in time for summer, this new Mercedes-AMG GT S Roadster is a hotter version of their gorgeous convertible.
    Near Earth an asteroid about the size of the Statue of Liberty

    Near Earth an asteroid about the size of the Statue of Liberty

    Astronomers think that in spite of its dimension as well as range to Earth, 2010 WC9 will securely zoom past the planet. It is bigger than the Chelyabinsk meteor, which broke up entering the Earth's atmosphere five years ago in 2013.
    NHC eyeing tropical disturbance in the Gulf of Mexico

    NHC eyeing tropical disturbance in the Gulf of Mexico

    Long range data suggests a blocking pattern will setup across the country, so the unsettled pattern may linger past the weekend. The big impact will be the heavy rainfall, although that's not necessarily a bad thing since many areas have recently been dry.
  • The OnePlus 6 Was Briefly Listed On Amazon Germany

    The OnePlus 6 Was Briefly Listed On Amazon Germany

    Just a few days before launch, WinFuture has revealed what appears to be the first crystal clear images of the OnePlus 6 . OnePlus recently claimed that OnePlus 6 camera would rival those of Samsung Galaxy S9 , Apple iPhone X and Google Pixel 2.
    Legendary NFL coach Chuck Knox passes away at age 86

    Legendary NFL coach Chuck Knox passes away at age 86

    In 2005, Knox was inducted into the Seahawks Ring of Honor in recognition of his achievements with the franchise. Louis Cardinals. "As Knox said himself, 'What you do speaks so well, no need to hear what you say'".
    Barcelona's unbeaten season ended by five-star Levante

    Barcelona's unbeaten season ended by five-star Levante

    That wasn't enough though as an Emmanuel Boateng hat-trick and a brace from Enis Bardhi sealed a shock victory for 15th-placed Levante.
  • Armenia PM says no changes in foreign policy after political crisis over

    Armenia PM says no changes in foreign policy after political crisis over

    The Armenian Parliament Tuesday elected opposition leader Nikol Pashinyan as the country's prime minister. Some parliamentarians from the ruling Republican Party also cast their votes in his favor.
    NES Classic Coming Back June 29

    NES Classic Coming Back June 29

    Tracking down a Nintendo and purchasing all the games that were included in the NES Classic would cost hundreds of dollars. You may also see it called the " Nintendo NES Classic Edition " or just "NES Mini", but they're all the same thing.
    Prince Philip spotted with the Queen for first time since hip surgery

    Prince Philip spotted with the Queen for first time since hip surgery

    Philip, 96, has been ensconced in his Windsor Castle home with the Queen since leaving hospital in London on 13th April. Philip was photographed sitting at the wheel of a 4×4, chatting to the Queen through the vehicle's open window.
  • Tourist Students Drowned Into Jagran Ravine In Neelum

    Tourist Students Drowned Into Jagran Ravine In Neelum

    In a message, Prime Minister Shahid Khaqan Abbasi expressed sympathy and regret over the incident. The Neelum Valley is a popular tourist destination in the Pakistan-administered part of Kashmir.
    Ederson signs new deal with Man City

    Ederson signs new deal with Man City

    Arsenal had already ensured sixth place while Huddersfield guaranteed their top-flight survival with a midweek draw at Chelsea . Manchester City goalkeeper Ederson agrees terms on a new deal to see him contracted to the Citizens for another seven years.
    Goa Congress Demands to Appoint Amit Shah as Full-Fledged Chief Minister

    Goa Congress Demands to Appoint Amit Shah as Full-Fledged Chief Minister

    "Chief Minister Chandrababu Naidu should apologise to the BJP national president". He said he could not attend the party workers' meeting because of his ill health.

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.