These days everyone sends emails, whether for professional inquiries or for personal matters. One thing is certain: we store a great deal of personal information and data in our mailboxes, for example booking confirmations, password details or professional contracts.
All this information could be vulnerable, according to researchers from the University of Muenster and Bochum University in Germany, and the University of Leuven in Belgium. The researchers found flaws in the encryption methods used by popular applications such as Apple Mail and Outlook. Sebastian Schinzel, Professor at Muenster, said that “there are currently no reliable fixes for the vulnerability”. It is not only new emails that are vulnerable, but also those sent in the past.
The flaw was discovered in Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME), the two most popular programmes used for encrypting emails. Those techniques, previously considered safe by privacy experts like Edward Snowden, are now considered unsafe by the Electronic Frontier Foundation (EFF). The EFF is encouraging users to keep away from the biggest email applications (or even disable them) and to prefer safer options such as messaging apps, for instance Signal or Telegram.
The researchers have completed their work and have informed major companies such as Apple and Microsoft about the flaw and their findings. It is the duty of these organisations to correct the flaw and protect their users.
How can your emails be stolen?
If a hacker manages to exploit this flaw, the attack will come through the Hypertext Markup Language (HTML), which is used in web design and email formatting. The applications vulnerable to this direct exfiltration are Apple Mail, iOS Mail and Mozilla Thunderbird, the study shows.
Another method of accessing private emails is to use software like PGP and S/MIME to inject malicious text and viruses that steal the plain text of an encrypted email. So the technologies that we thought were the safest are now becoming the weakest.
Pretty Good Privacy was invented in 1991 by Phil Zimmermann and was one of the safest forms of end-to-end encryption. Afterwards, Zimmermann created Circle, an encrypted communications firm. PGP ensures security for its users by generating a mathematical summary of the user's information. This allows the creation of a secure key that makes it possible to decrypt emails.
Germany’s Federal Office for Information Security (BSI) advised that these issues could be fixed with some patches and proper use.
Moreover, to prevent these malicious intrusions into your private information and data, you must disable the use of active content, such as HTML code and external links, in your emails.
Use messaging apps instead of webmail: there are plenty of new messaging apps, such as WhatsApp or Telegram, that are much safer than PGP-encrypted emails, as they don’t rely on encryption technology.
The EFF have released a step-by-step guide that can show you how to disable PGP in Outlook, Apple Mail and Thunderbird.