PGP-Encrypted Emails May Be Readable

A newly discovered software vulnerability means it may be possible to read encrypted emails sent in the past.

(CCM) — Users of PGP email encryption have been warned to stop using the software immediately because a newly discovered security flaw may make it possible to read encrypted messages.

The Electronic Frontier Foundation (EFF) has passed on the warning issued by a group of European security researchers after they found a set of vulnerabilities in PGP and S/MIME.

"Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email," the EFF said. "Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email."

Sebastian Schinzel, one of the researchers, promised in a tweet to provide more details of the vulnerabilities on May 15, 2018. "There are currently no reliable fixes for the vulnerability," he added.

PGP is often used to encrypt messages in popular email programs such as Outlook, Apple Mail, Thunderbird, and Enigmail.

Mikko Hypponen, a global security expert, pointed out that even if users follow the EFF advice this does not necessarily do anything to protect older email messages. "This vulnerability might be used to decrypt the contents of encrypted emails sent in the past. Having used PGP since 1993, this sounds baaad."