
Major flaw in email’s encryption technology can expose users to criminals

Security researchers are warning that a serious flaw has been discovered in PGP, which for years has been considered the best encryption technology available for email.

The flaw, as reported by the BBC, was discovered by Sebastian Schinzel, who was investigating the encryption protocol as part of his role at the Münster University of Applied Sciences.

The discovery means that PGP shouldn’t be relied upon to provide secure messaging, as it can be circumvented by exploiting this vulnerability, referred to as EFAIL.

However, it shouldn’t be too big a task to patch the vulnerability, since it’s not the core PGP encryption technology that’s at fault.

Instead, EFAIL exploits vulnerabilities in mail clients such as Apple Mail, iOS Mail and Mozilla Thunderbird, whose developers we’d expect to issue patches shortly. For the time being, Motherboard recommends working around the issue by disabling HTML rendering in your mail client, which prevents the request that would allow a hacker to decrypt your messages from being sent.
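To see what disabling HTML rendering changes, the following Python example (added here, not taken from the article or from any mail client) lists the URLs an HTML-rendering client would request automatically when displaying a message, alongside the plain-text view that triggers none. The sample message, its addresses and the tag list are constructed assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Assumed (not exhaustive) tag/attribute pairs a renderer fetches with no click.
AUTO_FETCH = {("img", "src"), ("link", "href"), ("iframe", "src"),
              ("script", "src"), ("video", "poster"), ("body", "background")}

# Constructed sample: one message with a plain-text and an HTML alternative.
SAMPLE = """\
From: sender@example.invalid
Subject: constructed sample
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Hello in plain text.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello in HTML.</p><img src="http://tracker.example.invalid/pixel.png">
<a href="http://example.invalid/page">a link that needs a click</a></body></html>
--b1--
"""

class RemoteRefFinder(HTMLParser):
    """Collects URLs an HTML-rendering mail client would request on display."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            remote = (value or "").lower().startswith(("http://", "https://", "//"))
            if (tag, name) in AUTO_FETCH and remote:
                self.urls.append(value)

def remote_requests(raw_message):
    """Return remote URLs referenced by every text/html part of the message."""
    finder = RemoteRefFinder()
    for part in message_from_string(raw_message, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.urls

def plain_text_view(raw_message):
    """What a client with HTML rendering disabled shows: the text/plain part."""
    body = message_from_string(raw_message, policy=policy.default).get_body(("plain",))
    return body.get_content() if body is not None else ""
```

A non-empty result from `remote_requests` means that opening the message with HTML rendering enabled would contact a remote server before the reader clicks anything.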

Email: an ageing communication method

Of course, the first thing people think of when you mention encrypted messaging in 2018 is likely to be an app like WhatsApp or Signal, rather than old-fashioned email.

When set up properly, a technology like PGP is actually pretty secure, but the number of different parts in the email equation (a separate provider and mail client, for example) creates cracks that can occasionally expose vulnerabilities.

In contrast, a client like WhatsApp controls every part of the messaging ecosystem, meaning that it’s controlling all the pieces of the encryption puzzle when it offers end-to-end encryption.

Do you still use PGP in 2018, or have you moved on to a secure messaging app? Let us know @TrustedReviews.
