EFail Flaw: Encryption Alone Does Not Protect Your Email
As reported last week by eWeek and others, researched found two flaws that allow hackers with access to email accounts to read emails encrypted with OpenPGP and S/MIME. This is significant for two reasons:
- These standards are available for us in almost every email client
- Budget-conscious users often relay on public-domain or free tools to use OpenPGP or S/MIME for email encryption
As noted in the eWeek article, 23 of 35 email clients tested as of the publication date were vulnerable. While the actual risk from EFail is currently moderately low — hackers need access to the encrypted emails before they can exploit EFail, the rate of identity compromise is on the rise. Secondary threats, such as EFail, will become a more prominent form of attack in the future.
Free Encryption Solutions Often Lack Sufficient Protection
Robust email security and encryption services include features, such as validation of digital signatures, that ensure the integrity of encrypted email messages.
Furthermore, solutions, like ZixEncrypt, control both ends of the encryption process, so any messages (with or without S/MIME encrypted attachments) with an invalid or missing digital signature get bounced. Integrity checks prevent the delivery of compromised messages, thereby preventing exposure.
As you face an increasing need to secure email communications, the robust features in services like ZixEncrypt create a value proposition most businesses cannot and should not ignore.
Contact us for more information about email security, encryption, and compliance.