'Serious flaw' found in PGP email security

null

A 'serious flaw' has allegedly been found in the PGP technology used to secure many major email platforms.

Sebastian Schinzel from the Munster University of Applied Sciences, published a research paper showing that hackers could attack PGP. PGP, or Pretty Good Privacy, is a method of encrypting data that is usually used when sending confidential email.  

According to the research, there's an issue affecting the core protocol of PGP, which means that all uses of the protocol could be made vulnerable. A new website has been set up, detailing the vulnerability and how it operates.

However some other researchers have claimed that the entire matter is not that bad, with Werner Koch, of GnuPG, stating the entire problem has been ‘overblown’. The problem has been known for ‘some time’, and it’s not about the encryption method, but about email programs designed without proper safeguards.

“it's just a modern spin on something we started defending against almost twenty years ago,” commented his colleague Robert J. Hansen. “If you're worried about the Efail attack, upgrade to the latest version of GnuPG and check with your email plugin vendor to see if they handle MDC errors correctly.  Most do.”

 Image source: Shutterstock/kpatyhka