Researchers have found a vulnerability in two popular email encryption protocols

The Verge Technology 5 months ago

European security researchers have found an alarming new vulnerability in the most common forms of email encryption. The attack, described in a report published Monday morning, lets bad actors inject malicious code into intercepted emails, despite encryption protocols designed to protect against code injection. Implemented correctly, the malicious code could be used to steal the entire contents of a target’s inbox.

The vulnerability affects two of the most common email encryption protocols, PGP and S/MIME, although the degree of vulnerability depends heavily on the client’s implementation of the protocol. A number of different clients are vulnerable, including Apple Mail, the Mail App on iOS, and Thunderbird. Notably, many currently available message authentication systems can effectively block the attack.

If an email encrypted using those clients is intercepted in transit, an attacker could use the new vulnerability modify the email, adding malicious HTML code before sending it to the target. When the target opens the new email, the malicious code could be used to send back the plaintext of the email.

Many corporate servers still use S/MIME encryption, so the attack poses a significant risk to current systems.

The open-sourced software GNU Privacy Guard wrote in a statement, “There are two ways to mitigate this attack: Don’t use HTML emails...use authenticated encryption.”

Sebastian Schinzel, a professor of Computer Security at the Münster University of Applied Sciences‏ who co-wrote the paper warns on Twitter that “there are currently no reliable fixes for the vulnerability.” He recommends people disable their encryption in their email client if they use PGP for sensitive communications. The Electronic Frontier Foundation calls these measures “a temporary, conservative stopgap” until the wider community fixes the issues.

Source link
Read also:
VentureBeat Technology 5 months ago
Rumors of email’s demise have been greatly exaggerated. While the “age-old” communication conduit may have new rivals, it is showing little sign of...
NDTV News 5 months ago
In West Bengal's Bhangar, bombs in buckets found in ex-TMC lawmaker's backyardBhangar, West Bengal: Hundreds of crude bombs were found behind the...
Chicago Tribune 5 months ago
The body of a Mount Greenwood neighborhood woman who was reported missing was found outside a Southwest Side home on Friday morning, officials...
Chicago Tribune 5 months ago
The mother of Lucio Cambray, the 18-year-old found dead in a pool at an unoccupied Waukegan house in early January, is calling for those who know...
Los Angeles Times 5 months ago
One day last month, Saqib Keval and Norma Listman wandered into a Mexico City cafe to drown their sorrows in a bottle of mezcal. They had just...
The Sun Lifestyle 5 months ago
DEADLY crack cocaine has been found inside the top security drugs policy department at the Home Office HQ. Police were called in after the Class A...
The Sun 5 months ago
FRIGHTENED Rabbit band members took an emotional trip to the site where Scott Hutchison's body was found. Hutchison's brother and band mate Grant is...
PEOPLE.com Lifestyle 5 months ago
An Oregon toddler reported missing after his father allegedly left him alone in a forest was found safe in a pile of dirt, PEOPLE confirms. Bradley...
Fox News 5 months ago
The infant who went missing Thursday was found naked and unharmed in the woods in Oregon hours later and his father was arrested for leaving his son...
One click to connect
Select a social network to associate your account