Critical Flaw in PGP can Allow Hackers to Read all Encrypted Emails You have Ever Sent!

The attacker has to change an encrypted email in a specific way and send it to the victim


Researchers have found a serious vulnerability affecting PGP (a widely used method of encrypting emails) that might reveal the plaintext of encrypted emails, including encrypted emails sent in the past.

According to the researchers, the flaw was not in the OpenPGP system itself but in email clients that failed to check for decryption errors properly before following links in emails that included HTML code.

How to stay safe?
At present, there is no fix for the flaw. Users are advised to disable all email tools that automatically decrypt PGP until a patch is released.

Besides this, a website has been set up explaining that the vulnerability requires the attacker to be able to intercept the email and tamper with it to reveal the plaintext of messages.

In other words, to exploit the vulnerability, the attacker has to change an encrypted email in a specific way and send it to the victim. The victim's email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.
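
The two client-side checks this points to, refusing to render when decryption reported an error and withholding remote content otherwise, can be sketched as follows. This is an added example, not code from the researchers or from any email client; `display_decision`, `RemoteRefFinder`, the `decrypt_error` flag and the sample URLs are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make a mail client fetch a URL with no user action (not exhaustive).
AUTOLOAD_ATTRS = {"src", "srcset", "background", "poster", "data"}
REMOTE_SCHEMES = {"http", "https", "ftp"}


def is_remote(url):
    """True for absolute network URLs and protocol-relative ones ("//host/x")."""
    url = url.strip()
    return url.startswith("//") or urlparse(url).scheme.lower() in REMOTE_SCHEMES


class RemoteRefFinder(HTMLParser):
    """Collects (tag, attribute, value) for references that would trigger a fetch."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            autoload = name in AUTOLOAD_ATTRS or (tag == "link" and name == "href")
            if (autoload and is_remote(value)) or (name == "style" and "url(" in value.lower()):
                self.refs.append((tag, name, value))


def display_decision(decrypt_error, html_body):
    """Decide how to show a decrypted HTML body.

    decrypt_error is a hypothetical flag: True if the OpenPGP layer reported
    any error or integrity warning while decrypting.
    """
    if decrypt_error:
        return ("refuse", [])  # never render the output of a failed decryption
    finder = RemoteRefFinder()
    finder.feed(html_body)
    finder.close()
    if finder.refs:
        return ("show_without_remote_content", finder.refs)
    return ("show", [])


# Constructed sample body, not taken from a real message.
SAMPLE = '<p>Quarterly report</p><img src="https://images.example/logo.png"><a href="https://example.org">site</a>'
```

Ordinary `<a href>` links are not flagged because they need a click; only references a client would fetch on its own are returned for blocking.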

