Skip to main content

'Serious flaw' found in PGP email security

(Image credit: Image source: Shutterstock/kpatyhka)

A 'serious flaw' has allegedly been found in the PGP technology used to secure many major email platforms.

Sebastian Schinzel from the Munster University of Applied Sciences, published a research paper showing that hackers could attack PGP. PGP, or Pretty Good Privacy, is a method of encrypting data that is usually used when sending confidential email.  

According to the research, there's an issue affecting the core protocol of PGP, which means that all uses of the protocol could be made vulnerable. A new website has been set up, detailing the vulnerability and how it operates.

However some other researchers have claimed that the entire matter is not that bad, with Werner Koch, of GnuPG, stating the entire problem has been ‘overblown’. The problem has been known for ‘some time’, and it’s not about the encryption method, but about email programs designed without proper safeguards.

“it's just a modern spin on something we started defending against almost twenty years ago,” commented his colleague Robert J. Hansen. “If you're worried about the Efail attack, upgrade to the latest version of GnuPG and check with your email plugin vendor to see if they handle MDC errors correctly.  Most do.”

 Image source: Shutterstock/kpatyhka

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.