There's a vulnerability in common forms of email encryption

By Lisa Cumming     May 14, 2018 in Technology
European researchers have published a report that outlines the discovery of a vulnerability in two very common forms of email encryption.
OpenPGP and S/MIME are two of the most common forms of email encryption, and a newly published paper from researchers at the Münster University of Applied Sciences, Ruhr University Bochum and KU Leuven has found a vulnerability in them.
The attack, as explained by The Verge, lets "bad actors inject malicious code into intercepted emails, despite encryption protocols designed to protect against code injection."
In this scenario, the researchers wrote, the attacker has already gained access to end-to-end encrypted emails. From there, the attacker manipulates the ciphertext of the email. The changed email is then sent to the original receiver or the original sender, who opens the attack mail because it doesn't look threatening. The changed ciphertext is then decrypted and sent back to the attacker, who now has access to the information in the email.
Sebastian Schinzel, professor of computer security at Münster, wrote on Twitter that "there are currently no reliable fixes for the vulnerability." The researchers as a whole advise "to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email."