Secure Encrypted Email Platform PGP Is Not Secure

Uploaded on 2018-05-21 in TECHNOLOGY-Key Areas-Social Media, NEWS-Cybersecurity News, FREE TO VIEW

The cybersecurity community is bracing for impact after a team of researchers revealed recently that critical vulnerabilities in the encrypted email program PGP (Pretty Good Privacy) could be exploited to expose secret messages in plain text. 

PGP, which is used to scramble the content of sensitive messages and believed to be one of the most secure methods of protecting private email communications, was used by National Security Agency (NSA) whistleblower Edward Snowden to contact journalists.

Sebastian Schinzel, professor of computer security at Germany’s Münster University of Applied Sciences, alongside a team of eight researchers, revealed on Twitter that there are currently no stable fixes for the issues and said the service should not be used until a patch is released. 

The Electronic Frontier Foundation (EFF), a digital liberties campaign group, released guides on how to temporarily disable PGP plug-ins in three email clients.

“We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past,” Schinzel tweeted, sparking immediate concern from users.

“There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now,” he added

In its blog post, the EFF wrote: “A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME.

“EFF has been in communication with the research team and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages. 

“In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication. Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.”

The blog post concluded: “Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.”

Reacting to the news, Matt Blaze, a cryptography expert at the University of Pennsylvania, tweeted: “Our collective inability to design and deploy a useable secure email system at scale is one of the most embarrassing failures of the applied cryptography community.”

Newsweek

You Might Also Read: 

Top Tips To Protect Email Accounts From Hackers:

Security & Encryption After Edward Snowden:
 

« Ex-Employee Suspected Of Leaking CIA Hacking Tools
The Swiss Bank Where Robots Replace Employees »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Hodgson Russ

Hodgson Russ

Hodgson Russ is a US business law firm. Practice areas include Privacy, Data Breach & Cybersecurity.

Glasswall Solutions

Glasswall Solutions

Glasswall Solutions has developed a disruptive, innovative security technology which provides unique protection against document based cyber threats.

Panaseer

Panaseer

Panaseer is an enterprise cybersecurity automation and data analytics company that helps organizations stop preventable breaches by ensuring security controls are working effectively.

SERMA Safety & Security (S3)

SERMA Safety & Security (S3)

SERMA Safety & Security provides a comprehensive cybersecurity offering incorporating Expertise, Evaluation, Consultancy and Training, covering hardware, software and information systems.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

UMBRA

UMBRA

UMBRA is solely concerned with protecting governments against Nation State attacks. We are not a consumer or enterprise company.

SecZetta

SecZetta

SecZetta provides third-party identity risk solutions that are easy to use, and purpose built to help organizations execute risk-based identity access and lifecycle strategies.

Mjenzi Cloud

Mjenzi Cloud

Mjenzi Cloud is a provider of cloud IaaS solutions including managed backup services, affordable & secure cloud virtual compute/storage/compute services, bare-metal services and cloud security.

RNTrust

RNTrust

RNTrust provide solutions to meet today’s digital challenges utilizing digital technologies and services to make you more secured in digitally connected environment.

SideChannel

SideChannel

At SideChannel, we match companies with an expert virtual CISO (vCISO), so your organization can assess cyber risk and ensure cybersecurity compliance.

Cyber Law Consulting

Cyber Law Consulting

Cyber Law Consulting is a Dynamic full service legal firm which offers complete services for Cyber Law, cyberlaw, Internet Law, Data Protection Act, Cyber Security, IPR, Drafting.

NETAND

NETAND

NETAND privileged access and identity management solutions will secure your business from cyber threats.

Somos

Somos

From voice to messaging to fraud prevention and beyond, Somos are committed to developing innovative solutions that ensure that our ability to maintain trustworthy connections never stops.

Advania UK

Advania UK

Advania are one of Microsoft’s leading partners in the UK, specialising in Azure, Security, Dynamics 365 and Microsoft 365.

Hiya

Hiya

Hiya's mission is to secure voice with trust, identity and intelligence. We're protecting people from spam and fraud calls, and helping carriers secure their networks for all.

3DOT Solutions

3DOT Solutions

3DOT Solutions is an established UK cybersecurity consultancy focused on delivering end-to-end cyber security solutions for private and public sector customers.