The EFF warns on PGP and S/MIME Vulnerabilities affecting email communication



The Electronic Frontier Foundation (EFF) has warned about a series of vulnerabilities affecting PGP and S/MIME, which expose users of these end-to-end secure channels for email communication to some security risks.

The vulnerabilities include the potential exposure of the contents of past messages: according to a group of European security researchers, the flaws might reveal the plaintext of encrypted emails, including encrypted emails sent in the past.

Until the flaws described in the paper are more widely understood, users are advised to arrange for alternative end-to-end secure channels, like Signal, and to temporarily stop using PGP-encrypted email tools.

The EFF has also outlined some steps covering Thunderbird with Enigmail, Apple Mail with GPGTools, and Outlook with Gpg4win, as a temporary, conservative stopgap until the immediate risk of the exploit has been mitigated by the wider community.

The full research is scheduled to be released at 7:00 am UTC on Tuesday, and the EFF confirmed that a more detailed explanation and analysis would be released as more information becomes publicly available.

The researchers agreed to warn the wider PGP user community in advance of the full publication, so as to reduce the short-term risk.
