Vulnerability Exposes PGP Encrypted Email
Users of the PGP encryption could have their email messages exposed thanks to a severe vulnerability, according to researchers in Germany.
Sebastian Schinzel, lead of the IT security lab at the Munster University of Applied Sciences, noted attacks exploiting the vulnerability "might reveal the plaintext of encrypted emails, including encrypted emails sent in the past."
The Electronic Frontier Foundation (EFF) said it had reviewed the research and could "confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages."
"Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email," the EFF wrote in a blog post.
The EFF has also offered guidance on how to remove plug-ins associated with PGP email, such as ones for clients Apple Mail, Thunderbird and Outlook.
PGP was long seen as the standard for encrypted messaging and it remains the most popular method of sending private email.