May 14, 2018

Security flaw discovered in email encryption

A wax seal marked with an "@" sign protects an letter.

Photo: Wodicka/ullstein bild via Getty Images

Researchers are warning that there is an security vulnerability affecting two email security protocols: S/MIME and the granddaddy of all email encryption standards, PGP.

The big picture: Details are scant at this point, and the report on the vulnerability will not be released until early tomorrow morning. But the report has been verified by the Electronic Frontier Foundation, which advises that all users turn PGP off.

What they're saying:

"They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past....There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now.
— Sebastian Schinzel, professor of computer science at FH Münster University of Applied Sciences and part of the team that discovered the flaw
Go deeper