The flaws affect S/MIME and OpenPGP, two technologies that e-mail programs often use to protect data.
The news: Ars Technica reports that security researchers in Germany have uncovered a way to decrypt e-mails that rely on the above techniques. They released their findings under the banner “Efail” in a paper published today.
The hacks: These essentially work by inserting manipulated text into an e-mail that’s been intercepted by hackers, and then sending it on to the unsuspecting recipient. Once the victim opens it, the malicious code tricks the program into sending a plain-text version back to the hacker. The researchers say new and archived e-mails are vulnerable.
The response: Some security executives say the risk exists only in e-mail programs that don’t check for decryption errors, so it’s worth verifying whether yours does. If you’re particularly paranoid, you might choose to decrypt messages in applications that are separate from your e-mail program—a step the German researchers recommend. They’ve disclosed the vulnerability to the companies providing e-mail programs, so watch out for software patches.
Why this matters: This hardly needs spelling out, but it’s worth noting that it’s not just an issue for companies and governments; many journalists and activists rely on encrypted e-mail to keep in touch with their sources.
Erik Prince wants to sell you a “secure” smartphone that’s too good to be true
MIT Technology Review obtained Prince’s investor presentation for the “RedPill Phone,” which promises more than it could possibly deliver.
Corruption is sending shock waves through China’s chipmaking industry
The arrests of several top semiconductor fund executives could force the government to rethink how it invests in the sector.
Inside the software that will become the next battle front in US-China chip war
The US has moved to restrict export of EDA software. What is it, and how will the move affect China?
Hackers linked to China have been targeting human rights groups for years
In a new report shared exclusively with MIT Technology Review, researchers expose a cyber-espionage campaign on “a tight budget” that proves simple can still be effective.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.