Major flaw in email’s encryption technology can expose users to criminals

Security researchers are warning that a serious flaw has been discovered in PGP, which for years has been considered the best encryption technology available for email.

The flaw, as reported by the BBC, was discovered by Sebastian Schinzel, who was investigating the encryption protocol as part of his role at the Münster University of Applied Sciences.

The discovery means that PGP shouldn’t be relied upon to provide secure messaging, as it can be circumvented by exploiting this vulnerability, referred to as EFAIL.

However, it shouldn’t be too big a task to patch the vulnerability, since it’s not the core PGP encryption technology that’s at fault.

Instead, EFAIL exploits vulnerabilities in mail clients such as Apple Mail, iOS Mail and Mozilla Thunderbird, which we’d expect to issue patches shortly. For the time being, Motherboard recommends working around the issue by disabling HTML rendering in your mail client, which prevents the request being sent to a hacker that would allow them to decrypt your messages.
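Why disabling HTML rendering stops that request, as an added example that is not part of the original article: this Python code lists the elements in a mail's HTML part that a rendering client would fetch from a remote server on display, and returns the plain-text part that a client with HTML rendering disabled shows instead. The sample message, the `tracker.example` host and the tag/attribute list are constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from html.parser import HTMLParser

# Tag/attribute pairs a renderer fetches on display, with no click needed.
# Assumption: a representative set chosen for this example, not exhaustive.
FETCH_ATTRS = {("img", "src"), ("link", "href"), ("iframe", "src"),
               ("script", "src"), ("object", "data"), ("embed", "src"),
               ("video", "src"), ("audio", "src"), ("body", "background")}

class RemoteFetchFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            remote = url.lower().startswith(("http://", "https://", "//"))
            if (tag, name) in FETCH_ATTRS and remote:
                self.hits.append((tag, name, url))

def remote_fetches(raw_message):
    """Requests an HTML-rendering client would make just by showing the mail."""
    finder = RemoteFetchFinder()
    for part in message_from_string(raw_message, policy=default).walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    finder.close()
    return finder.hits

def plain_text_only(raw_message):
    """What a client with HTML rendering disabled displays: the text part."""
    body = message_from_string(raw_message, policy=default).get_body(("plain",))
    return body.get_content() if body is not None else ""

def sample_message():
    """Constructed sample mail; tracker.example is a placeholder host."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Quarterly figures attached.\n")
    msg.add_alternative('<p>Quarterly figures attached.</p>'
                        '<img src="http://tracker.example/pixel.gif">'
                        '<a href="https://example.com/">a link</a>', subtype="html")
    return msg.as_string()

if __name__ == "__main__":
    print(remote_fetches(sample_message()), plain_text_only(sample_message()))
```

The ordinary link is not reported because it is only followed when clicked; the image is, because displaying the HTML part is enough to trigger the fetch.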

Email: an ageing communication method

Of course, the first thing people think of when you mention encrypted messaging in 2018 is likely to be an app like WhatsApp or Signal, rather than old-fashioned email.

When set up properly, a technology like PGP is actually pretty secure, but the number of different parts in the email equation (a separate provider and mail client, for example) creates cracks that can occasionally expose vulnerabilities.

In contrast, a client like WhatsApp controls every part of the messaging ecosystem, meaning that it’s controlling all the pieces of the encryption puzzle when it offers end-to-end encryption.

Do you still use PGP in 2018, or have you moved on to a secure messaging app? Let us know @TrustedReviews.