A group of researchers of European security has issued a warning about the set of vulnerabilities which will be affecting all PGP and S/MIME users. EFF has constantly been in touch with the research team and confirms about the vulnerabilities that pose an immediate risk to users who all are using tools for email communication and also to the contents of the past messages.
The warning has come from the Sebastian Schinzel, which is the lead of the IT security lab at the Munster University of Applied Sciences, has revealed about the attacks which exploit the vulnerability and might reveal the plaintext of the encrypted emails and also the emails that are sent in the past. This severe vulnerability has no proper fix, and as per researchers, the users who are using plug-ins to allow simple use of PGP should stop using it immediately and also delete it if possible.
The research into the PGP S/MIME vulnerabilities will be sourced to some familiar names which are listed by Schinzel, and it includes several who are behind the Drown research in 2016. The work on this is not done only by Munster University, but this has done by KU Leuven University and Ruhr-University. The full details of the study will be published in a paper on Tuesday at 7:00 AM UTC. To reduce the short-term risk, researchers are now trying to warn the wider PGP user community for the full publication.
The advice which is given by the researchers is to immediately disable or stop or uninstall the tools which are capable of automatically decrypt PGP-encrypted email. They also said that, till the flaws are described in the paper are understood and fixed, the users should be arranged to use some alternative end-to-end secure channels lie Signal and should stop using and reading PGP-encrypted email.
After this report, the EFF offering guidance and helping the user to remove the plug-ins which is associated with PGP email and users can find it on the blog. It is still unclear about the web services like Protonmail which uses this PGP form and is affected by this vulnerability. The steps which are mentioned by researchers should be followed strictly to protect yourself from PGP vulnerabilities.