Research indicate that Microsoft Office 365 secures messages using faulty email encryption.

Image: Computerworld

Due to the use of a flawed cryptographic algorithm, new research has revealed what is being referred to as a security vulnerability in Microsoft 365 that could be exploited to determine the contents of messages.

The Office 365 Message Encryption messages are encrypted using the unsafe Electronic Codebook (ECB) mode of operation, according to a report released last week by the Finnish cybersecurity firm WithSecure. Office 365 Message Encryption (OME) is a security tool that allows users inside and outside of an organization to send and receive encrypted email messages without disclosing any information about the communications themselves.

As a result of the newly disclosed issue, rogue third parties who gain access to encrypted email messages may be able to decipher the messages, effectively violating confidentiality safeguards. Electronic Codebook is one of the most basic modes of encryption, in which each message block is encoded separately by a key, resulting in identical plaintext blocks being transposed into identical ciphertext blocks, rendering it unsuitable as a cryptographic protocol.

In fact, the U.S. The National Institute of Standards and Technology (NIST) stated earlier this year that "ECB mode encrypts plaintext blocks independently, without randomization; thus, inspection of any two ciphertext blocks reveals whether or not the corresponding plaintext blocks are equal."

However, the limitation identified by WithSecure is not the decryption of a single message, but rather the analysis of a stash of encrypted stolen mails for such leaky patterns and subsequent decoding of the contents. "By analyzing relative locations of repeated sections of the intercepted messages, an attacker with a large database of messages may infer their content (or parts of it)," the company explained.

The findings add to growing concerns that previously exfiltrated encrypted information could be decrypted and used in future attacks, a threat known as "hack now, decrypt later," fueling the need for quantum-resistant algorithms.

Microsoft 365 has been announced as the Office replacement.

Image: Softsonic

Join the club if you're a little confused. After realizing that its productivity suite was no longer only useful in an office setting, Microsoft announced that it was dropping the Office moniker in 2020. It appears that the business took two years to make that change, though. Finally, Microsoft Office will be rebranded as Microsoft 365 in 2023.

However, other than the name, nothing else has changed. According to Microsoft, you will continue to have access to programs like Word, Excel, PowerPoint, and Outlook as part of Microsoft 365. The Office 2021 and Office LTSC plans will continue to let customers and businesses make one-time purchases of those apps. The subscription plans for Office 365 are also unaffected.

Your current account, profile, subscription, or files won't be affected. The app will automatically update in November with a new icon and name, so keep an eye out for those changes then. Your account won't change; you've heard it directly from the tech juggernaut. Only a brand-new icon and name are altered. I'm done now.

If Microsoft were the only competitor in the productivity suite market, this would be incredibly exciting. But they are not. In actuality, Google's productivity suite offers features that are comparable to those of the Microsoft 365 productivity suite. The fact that Google's services are free is the best part of everything. Try Google Docs if you like Microsoft Word but don't like that it costs money. Try Google Sheets if you use Microsoft Excel. In actuality, Google offers a free product for each service that Microsoft provides.

In other Microsoft news, Microsoft 365 apps are now easier than ever to update, just in case you still subscribe annually. However, Google apps are still free.

Microsoft 365 uses insecure encryption, exposing emails to snooping.

WithSecure security researchers discovered an unpatched vulnerability in Microsoft Office 365 Message Encryption (OME) that allows hackers to deduce the contents of encrypted messages. OME encrypts emails sent or received using the Electronic Code Book (ECB) mode, which is regarded as a broken or risky cryptographic algorithm.

According to WithSecure, "this mode is generally insecure and can leak information about the structure of the messages sent, which can lead to partial or full message disclosure." Repeated areas in the plaintext data would produce the same encrypted result when the same key was used, according to a BleepingComputer report. The pattern that results from this makes it simple for criminals to perform cryptanalysis on encrypted emails.

Image: Softsonic

According to WithSecure, "a attacker with a large database of messages may infer their content (or portions of it) by analyzing relative locations of repeated sections of the intercepted messages."To take advantage of the weakness, attackers would need access to previously leaked emails.

According to the researcher who found the flaw, Harry Sintonen, "more emails make this process easier and more accurate, so it's something attackers can perform after getting their hands on email archives stolen during a data breach, or by breaking into someone's email account, email server, or gaining access to backups."

Microsoft has not released a fix for the issue in nine months.

On January 11, 2022, Sintonen notified Microsoft of the vulnerability. He was rewarded with $5,000 for his work. However, after being contacted about the problem several times, Microsoft finally responded that it did not believe the vulnerability met the criteria for security servicing and that it was not a breach. No CVE [common vulnerabilities and exposure] was issued for this report because no code change was made, according to Microsoft.

"The decision to use the Electronic Codebook (ECB) mode of operation with message encryption and then maintaining compatibility with this poor decision appears to be the root cause for the vulnerability," Sintonen said. Sintonen stated that end users or administrators of the email system had no choice but to enforce a more secure mode of operation."Because Microsoft has no plans to fix this vulnerability, the only mitigation is to avoid using Microsoft Office 365 Message Encryption," Sintonen advised.

The ECB flaw was discovered following the 2013 Adobe data breach.In that case, researchers determined that the use of ECB resulted in the leak of millions of passwords. In 2020, researchers discovered that popular video communications app Zoom used the same 128-bit key to encrypt video and audio using the algorithm with ECB mode.

WithSecure identifies a flaw in Microsoft Office 365 Message Encryption.'

Regarding the way Microsoft encrypts messages in Office 365, WithSecure has released a warning. Microsoft's use of the Electronic Cookbook (ECB) block cypher confidentiality mode, as specified by the US National Institute of Science and Technology, is the cause of the issue (NIST). Although this mode's shortcomings are now acknowledged, a replacement won't be available until 2023.

As a result, under specific and defined conditions, all messages sent using Office 365 Message Encryption (OME) are vulnerable. Not only are messages being captured during transmission. This can be used by attackers to access any set of emails, recent or old. This is another issue where historical data poses risks to an organization because there is no fix for historical emails.

According to Harry Sintonen, a consultant and security researcher at WithSecure, "Attackers who are able to obtain multiple messages can use the leaked ECB information to decrypt the contents of the messages. Attackers can carry out this procedure after obtaining access to email archives that were stolen during a data breach, by breaking into someone's email account, email server, or by gaining access to backups because more emails make the process simpler and more accurate.

How many emails must be sent in order for this attack to succeed is unclear. According to WithSecure, "By analyzing relative locations of repeated sections of the intercepted messages, an attacker with a large database of messages may infer their content (or parts of it)."

It does not specify how big a database must be, though. How many messages are there—thousands, tens of thousands, or millions?

How does this attack operate?

"The ECB mode encrypts plaintext blocks independently, without randomization; thus, inspection of any two ciphertext blocks reveals whether or not the corresponding plaintext blocks are equal," according to NIST. A similar comparison would highlight data that appears repeatedly in messages, such as signature blocks or other boilerplate information. This would allow attackers to map the message structure. "[A] malicious third-party gaining access to the encrypted email messages may be able to identify the content of the messages because ECB leaks certain structural information of the messages," according to WithSecure. This may result in the loss of confidentiality."

WithSecure provides examples of recovering image content from messages in its analysis. It does not, however, provide examples of recovered body text. The question is how much an attacker can discover. Also, how would they use it? It is also important to note that it makes no difference which encryption standard is used. Again, WithSecure demonstrated its ability to recover the contents of an AES-encrypted image. The problem is not with AES, but with the ECB's mode of operation.

What did Microsoft say?

From the time this was reported to Microsoft until the final response, WithSecure provides the timeline. That answer: "Neither a breach nor a report was deemed to meet the standards for security servicing. Since there was no code modification, there was no CVE for this report.

How did Microsoft arrive at this conclusion is the question. On the surface, WithSecure has demonstrated that there is a risk here that can be exploited. It has also cited NIST statements that the ECB mode is a problem. So, why is Microsoft claiming that there is no issue? Enterprise Times emailed Microsoft for clarification on why this isn't a problem but had received no response as of the time of writing.

What are your options?

There is currently no reason to believe that WithSecure's assessment of the risk is inaccurate. "Any organization with staff members who used OME to encrypt emails are essentially stuck with this problem," claims Sintonen. This might present some problems for some people, such as those for whom contracts, or local laws contain confidentiality clauses. Additionally, there are concerns about what might happen if this data is actually stolen, which is why it is a major concern for organizations.

The WithSecure press release goes into more detail. According to the statement, "WithSecure recommends avoiding the use of OME as a means of ensuring the confidentiality of emails because there is no fix from Microsoft or a more secure mode of operation available to email admins or users."

It's unlikely that many organizations will find it easy to make that change. The use of OME may be codified into many organizations' operational guidelines. A replacement must be found, and those processes must be rethought in order to change. To research, test, approve, and implement that will take some time. There is no quick fix for this.

The Enterprise Times: "What does this mean?"

There are several problems with this. Why are the two organizations at odds over the risk posed by the use of ECB is the first and most crucial question. There is no proof that WithSecure is spreading false alarms with this. It has given a detailed explanation of how this works and what it is capable of.

This attack's ability to target historical records raises serious security concerns. Large amounts of data that are frequently stolen by attackers are thought to be secure because they were encrypted. However, we already know that the capacity to crack that encryption increases as technology develops. Therefore, historical data is becoming less secure by the second.

WithSecure has shown that it is possible to do it right away in this instance, so there is no need to wait for technology to advance. It implies that any OME-using organization that experiences data loss must reassess the risk involved in the lost data.

However, simply making changes won't address the bigger problem of outdated data. What are the dangers? How vulnerable are businesses? How many people are going to be willing to consider past data breaches and evaluate what those mean in light of this?