Alfredo Pironti

Friday, March 3, 2017

11:00am Meeting room 302 (Mountain View), level 3

Alfredo Pironti, Researcher, IOActive

15 Years of Broken Encrypted Emails... and We're Still Doing It Wrong


Starting from a research paper of 2001, we show how OpenPGP encryption of emails is fundamentally broken. We show how an attacker can get hold of sensitive email content by tampering with email data that the user would expect to be protected. We apply this attack against PGP-enabled email addresses used to report vulnerabilities to software vendors – and we get more than 50% of the submitted reports. Based on currently available information, we believe that recent End-to-End secure email projects still suffer from these same known issues.