Security researchers at WithSecure, formerly F-Secure Business, discovered that it is possible to partially or fully decrypt the content of encrypted messages sent through Microsoft Office 365 due to the use of a weak block encryption mode.
Organizations use Office 365 Message Encryption to send and receive email, both externally and internally, so that message content stays confidential from sender to recipient.
However, the function encrypts the data using Electronic Code Book (ECB) mode, which allows the plain text message to be deduced under certain conditions.
The ECB mode problem
The main problem with ECB is that repetitive areas in the plain text data have the same encrypted result when the same key is used, thus creating a pattern.
The problem came to the fore after the massive Adobe data breach in 2013, when tens of millions of passwords were leaked and researchers discovered that the company had used ECB mode to encrypt them, making it possible to recover plaintext passwords.
This weakness was highlighted again in 2020 when the widely used teleconferencing app Zoom was found to be using the same 128-bit key to encrypt all audio and video using the AES algorithm with ECB mode.
WithSecure’s Harry Sintonen points out that with Office 365 Message Encryption the content of encrypted messages cannot be decrypted directly, but structural information about those messages can be captured.
An attacker who is able to collect multiple encrypted messages can look for patterns that can cause parts of the message to gradually become readable without the need for an encryption key.
The researcher explains that a large database of messages makes it possible to infer all content or just parts of it by looking at the relative locations of the repeated sections.
To demonstrate that this can be achieved, Sintonen revealed the content of an image protected by Office 365 Message Encryption.
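As an added illustration (not WithSecure's code and nothing taken from Office 365), the following Python shows the mode-level behaviour the article describes: under ECB, identical plaintext blocks become identical ciphertext blocks, so a reviewer can flag such ciphertext by finding repeated blocks and their relative positions, whereas a chained mode such as CBC does not leak that structure. The block cipher itself is a hash-based stand-in, not AES, chosen so the example runs with the standard library only.

```python
import hashlib
from collections import defaultdict

BLOCK = 16  # block size in bytes, as for AES


def pad(data: bytes) -> bytes:
    """PKCS#7-pad data to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for a block cipher: a deterministic keyed 16-byte function.
    This is NOT AES and is not invertible; it only needs to be deterministic
    per (key, block) to show how a mode of operation leaks structure."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: each block is encrypted independently, so equal blocks collide."""
    p = pad(data)
    return b"".join(block_encrypt(key, p[i:i + BLOCK]) for i in range(0, len(p), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CBC: each block is XORed with the previous ciphertext block first,
    so equal plaintext blocks no longer produce equal ciphertext blocks."""
    p = pad(data)
    out, prev = [], iv
    for i in range(0, len(p), BLOCK):
        prev = block_encrypt(key, bytes(a ^ b for a, b in zip(p[i:i + BLOCK], prev)))
        out.append(prev)
    return b"".join(out)


def repeated_block_positions(ct: bytes) -> dict:
    """Map every ciphertext block that occurs more than once to the list of
    block indices where it appears (the 'relative locations' an analyst uses)."""
    seen = defaultdict(list)
    for idx in range(len(ct) // BLOCK):
        seen[ct[idx * BLOCK:(idx + 1) * BLOCK]].append(idx)
    return {blk: pos for blk, pos in seen.items() if len(pos) > 1}


def looks_like_ecb(ct: bytes) -> bool:
    """Heuristic check: any repeated block in a single ciphertext is a red flag for ECB."""
    return bool(repeated_block_positions(ct))


if __name__ == "__main__":
    key = b"k" * 16                                           # constructed sample key
    msg = b"CONFIDENTIAL    " * 4 + b"see attachment"         # constructed plaintext with repeats
    print(repeated_block_positions(ecb_encrypt(key, msg)))    # one repeated block at indices 0-3
    print(looks_like_ecb(cbc_encrypt(key, b"\x00" * 16, msg)))  # False
```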
Still no solution
Threat actors can analyze stolen encrypted messages offline, as organizations have no way to prevent this for messages that have already been sent. Sintonen notes that using the rights management feature does not alleviate the problem.
The researcher reported this finding to Microsoft in January 2022. The tech giant acknowledged the problem and paid a bug bounty, but did not publish a fix.
After repeated follow-up questions about the status of the vulnerability, Microsoft told WithSecure that “the issue does not meet the security service requirements, nor is it considered a breach,” and therefore there will be no patch for it.
BleepingComputer has also contacted Microsoft about this and a company spokesperson said that “the rights management feature is intended as a tool to prevent accidental misuse and is not a security barrier.”
The reason Microsoft still uses the ECB implementation is support for legacy applications. However, the company is working on adding an alternative encryption protocol to future versions of the product.
WithSecure recommends that until a more secure mode of operation is available, users and administrators should stop using or relying on the Office 365 Message Encryption feature.