The flaw occurs in software that uses Pretty Good Privacy, a tool for scrambling e-mail. However, in order to exploit the vulnerability, hackers must convince their targets to reply to a sabotaged e-mail message.

Researchers working at Columbia University discovered the flaw, which requires a hacker to intercept and modify an encrypted message. If the recipient attempts to decrypt the message, he or she will be presented with a string of gibberish. If the recipient then replies to that message, saying, for instance, “what were you trying to say?” and quotes the string of gibberish, the attacker could use that response to decode the original message.