Monday, May 14, 2018

How Serious Is the Security Risk of the Newly Discovered “Efail” Encryption Threat?

Colleagues, researchers at Germany's KU Leuven, Ruhr University Bochum and Munster University published a new paper detailing the risk of Efail to the OpenPGP and S/MIME encryption standards. OpenPGP, the commonly employed email encryption method, was originally derived from the PGP software, whereas S/MIME is based on asymmetric cryptography to protect your emails from unauthorized access. Efail enables an attacker to use the target's own email client to decrypt previously acquired messages and return the decrypted content to the attacker. Efail relies on plaintext-recovery attacks against email standards, as opposed to the network protocols TLS, IPsec and SSH. The email apps deemed to be most at risk include Mozilla Thunderbird, iOS Mail and Apple Mail. Two mitigation techniques have been identified. First, decrypt emails outside of the primary email client. And second, disable HTML rendering. Open issue: Just how serious and widespread a threat does Efail represent to corporate and individual email users?
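A sketch of the second mitigation, added here as an example and not taken from the paper or from any mail client: it displays a message as text only and lists the remote URLs an HTML-rendering client would have contacted. The names `render_plain` and `TextOnly`, the attribute list and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Attributes that make an HTML renderer fetch a resource (assumed, not exhaustive).
FETCH_ATTRS = {"src", "href", "background", "poster", "action"}

class TextOnly(HTMLParser):
    """Collects visible text and records remote URLs instead of loading them."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks, self.remote, self.hidden_depth = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.hidden_depth += 1
        for name, value in attrs:
            if name in FETCH_ATTRS and (value or "").lower().startswith(("http:", "https:", "//")):
                self.remote.append((tag, value))
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.hidden_depth:
            self.hidden_depth -= 1
    def handle_data(self, data):
        if not self.hidden_depth:
            self.chunks.append(data)

def render_plain(raw_message):
    """Return (display_text, suppressed_urls) without rendering any HTML."""
    msg = message_from_string(raw_message, policy=default)
    plain, from_html, suppressed = [], [], []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_disposition() == "attachment":
            continue
        if part.get_content_type() == "text/plain":
            plain.append(part.get_content().strip())
        elif part.get_content_type() == "text/html":
            parser = TextOnly()
            parser.feed(part.get_content())
            parser.close()
            from_html.append(" ".join("".join(parser.chunks).split()))
            suppressed.extend(parser.remote)
    # Prefer the sender's text/plain parts; fall back to tag-stripped HTML.
    return "\n".join(plain or from_html), suppressed

# Constructed sample message (not from the Efail paper).
SAMPLE = ('Content-Type: multipart/alternative; boundary="b1"\n\n'
          '--b1\nContent-Type: text/plain; charset="utf-8"\n\nQuarterly numbers attached.\n\n'
          '--b1\nContent-Type: text/html; charset="utf-8"\n\n<p>Quarterly numbers attached.</p>'
          '<img src="http://tracker.example.net/p.gif">\n\n--b1--\n')

if __name__ == "__main__":
    print(render_plain(SAMPLE))
```

The second return value can be logged so that messages carrying remote references are visible to whoever reviews mail handling.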

