They are popular among journalists, corporations and governments.
A group of cybersecurity researchers from three European universities has reported new vulnerabilities in the basic protocols of e-mail encryption. Using the attack, adversaries can inject malicious code into intercepted messages and steal messages from the user’s mailbox.
The vulnerability concerns the PGP and S/MIME encryption protocols and allows attackers to access, among other things, messages that were sent in the past. Whether an attack succeeds depends on how the protocol is implemented in the specific client program.
However, experts noted that many popular email clients are vulnerable, among them Apple Mail, the Mail application on iOS, as well as Thunderbird and Outlook. If a message was sent through these programs and attackers intercepted it, the vulnerability lets them add malicious HTML code to the message before it reaches the recipient. When the recipient opens the message, this code sends the plaintext of the message to the attacker.
As noted by The Verge, S/MIME encryption is popular among corporations and governments, so an attack can affect many existing systems. Experts explained that, for now, there is only one way to protect against the vulnerability: do not use encrypted mail. Companies were advised to disable automatic encryption of messages on their own servers.
The human rights organization EFF (Electronic Frontier Foundation) also recommended that users stop using PGP and S/MIME and switch to messengers. Publication of detailed information on the vulnerability was promised for May 15.