Click to Skip Ad
Closing in...

Security flaw exposes encrypted email in almost every mail service

Published May 14th, 2018 7:06PM EDT
Email Encryption Hacked
Image: imageBROKER/REX/Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

If you’re using encrypted email (PGP and S/MIME) to exchange sensitive data with others, you should consider other alternatives until you hear they’re safe again. A security flaw would allow attackers to turn encrypted emails in plaintext.

For the time being, there’s no fix so your best bet would be to remove these encryption standards from their email communications.

Security researchers in Europe discovered the security flaws, posting on Twitter about the issue.

Sebastian Schinzel, professor of computer security at Münster University of Applied Sciences, said the flaws “reveal the plaintext of encrypted emails, including encrypted emails you sent in the past,” which sounds just as scary as you imagine.

The Electronic Frontier Foundation (EFF) published a blog post on the matter, saying that it can confirm “these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.”

The full details will be published in a paper on Tuesday morning (European time), so you have some time to act:

Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.

The EFF also published guides on disabling PGP plugins in Thunderbird, Apple Mail, and Outlook.

As Ars Technica explains, the threat is real and should be dealt accordingly until a permanent fix is in place.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.