(Clarifies description of how PGP works in para 21)
* Researchers urge users to disable and uninstall immediately
* Apple, iOS and Thunderbird mail at risk
* Email in HTML format, with external links, vulnerable
By Douglas Busvine
FRANKFURT, May 14 (Reuters) - European researchers have found that the popular PGP and S/MIME email encryption standards are vulnerable to being hacked and they urge users to disable and uninstall them immediately.
University researchers from Muenster and Bochum in Germany, and Leuven in Belgium, discovered the flaws in the encryption methods that can be used with popular email applications such as Microsoft Outlook and Apple Mail.
"There are currently no reliable fixes for the vulnerability," lead researcher Sebastian Schinzel, professor of applied cryptography at the Muenster University of Applied Sciences, said on Monday.
"If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now."
The team had been due to publish its full findings on Tuesday but rushed them out after the news made waves among the community of encrypted email users that includes activists, whistleblowers and journalists working in hostile environments.
Titling the exploit 'Efail https://efail.de', they wrote that they had found two ways in which hackers could effectively coerce an email client into sending the full plaintext of messages to the attacker.
There's no immediate suggestion that spy agencies or state-sponsored hackers have already used the technique to burrow into people's emails.
The researchers have informed email providers of their findings, under so-called responsible disclosure, and it now falls to others to establish whether the exploits can be replicated.
In the first exploit, hackers can 'exfiltrate' emails in plaintext by exploiting a weakness inherent in Hypertext Markup Language (HTML), which is used in web design and in formatting emails.
Apple Mail, iOS Mail and Mozilla Thunderbird are all vulnerable to direct exfiltration, they said.
A second attack takes advantage of flaws in OpenPGP and S/MIME to inject malicious text that in turn makes it possible to steal the plaintext of encrypted emails.
The vulnerabilities in PGP and S/MIME standards pose an immediate risk to email communication including the potential exposure of the contents of past messages, said the Electronic Frontier Foundation (EFF), a U.S. digital rights group.
In a blog post https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0, the EFF recommended that PGP users uninstall or disable their PGP email plug-ins while the research community evaluates the seriousness of the flaws reported by the European research team.
It also said that users should switch for the time being to non-email-based secure messaging apps such as Signal for sensitive communications.
Germany's Federal Office for Information Security (BSI) said in a statement there were risks that attackers could secure access to emails in plaintext once the recipient had decrypted them.
It added, however, that it considered the encryption standards themselves to be safe if correctly implemented and configured.
"Securely encrypted email remains an important and suitable means of increasing information security," it said in a statement, adding that the flaws which have been discovered can be remedied through patches and proper use.
PGP - short for Pretty Good Privacy - was invented back in 1991 by Phil Zimmermann and has long been viewed as a secure form of end-to-end encryption impossible for outsiders to access. Zimmermann is co-founder and chief scientist of Silent Circle, an encrypted communications firm.
PGP has in the past been endorsed, among others, by Edward Snowden, who blew the whistle on pervasive electronic surveillance at the U.S. National Security Agency before fleeing to Russia.
PGP works using an algorithm to generate a 'hash', or mathematical summary, of a user's name and other information. This is then encrypted using the addressee's public 'key' and decrypted on receipt using their private key.
To exploit the weakness, a hacker would need to have access to an email server or the mailbox of a recipient. In addition the mails would need to be in HTML format and have active links to external content to be vulnerable, the BSI said.
It advised users to disable the use of active content, such as HTML code and outside links, and to secure their email servers against external access. (Editing by Matthew Mpoke Bigg)