Office 365’s encryption function can be easily hacked, warns WithSecure

Researchers at cybersecurity firm WithSecure have issued an advisory warning that the method used to generate encrypted messages in Microsoft Office 365 can be cracked relatively easily.
Microsoft Office 365 Message Encryption (OME), a feature offered in the Office 365 suite, allows business users to send encrypted messages as an HTML attachment via email.
Microsoft says the feature is useful for sending sensitive data such as medical records, but WithSecure claims the service uses an insecure mode of operation for encryption, allowing threat actors to deduce the structure of encrypted messages.
OME messages are generated using Electronic Code Book (ECB) mode, where the text of the message is broken down into blocks that are individually encrypted with a key stored and managed by Microsoft, through Azure Rights Management (Azure RMS). Each plaintext block is directly replaced by a ciphertext block, according to the key.
Through this method, however, identical blocks of plaintext will return identical blocks of ciphertext, so that patterns in the content can be identified. This is especially the case with emails, which have structures that are easier to predict than other types of messages typically sent through end-to-end encrypted (E2EE) apps, such as Signal or WhatsApp.
Emails in organizations, which are likely to contain repeated headers or footers, can be particularly vulnerable to this type of malicious decryption, as the patterns reveal the ciphertext that stands in for known plaintext. If messages from an organization always signed off in the same way, an attacker with access to a database of such messages would be able to partially decrypt each one.
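The repeated-footer effect described above, shown as an added example that is not code from WithSecure, Microsoft or the original article. It assumes a keyed HMAC truncated to 16 bytes as a stand-in for the AES block function (only per-block determinism matters for the leak), constructed sample messages, and a CBC-style chained mode with a random IV chosen here for contrast.

```python
import hashlib
import hmac
import os

BLOCK = 16  # AES block size in bytes

def _f(key, block):
    # Assumption: stand-in for AES-128 on one block. Keyed and deterministic,
    # but not invertible and not AES; it only models "same block in, same block out".
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def _blocks(data):
    pad = BLOCK - len(data) % BLOCK          # PKCS#7-style padding
    data += bytes([pad]) * pad
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_like(key, msg):
    # ECB: every block is transformed independently under the same key.
    return [_f(key, b) for b in _blocks(msg)]

def chained(key, msg):
    # CBC-style chaining: each block is mixed with the previous output,
    # starting from a fresh random IV, before the block function is applied.
    prev = os.urandom(BLOCK)
    out = [prev]
    for b in _blocks(msg):
        prev = _f(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return out

def shared_blocks(ct_a, ct_b):
    # Number of distinct ciphertext blocks that appear in both messages.
    return len(set(ct_a) & set(ct_b))

# Constructed sample data: two different bodies, one organisation-wide footer.
# Bodies are padded to a block multiple so the footer is block-aligned in both.
KEY = os.urandom(32)
FOOTER = b"-- Example Corp. Confidential, do not forward.".ljust(48)
MSG_A = b"Patient 1041: results attached.".ljust(32) + FOOTER
MSG_B = b"Q3 contract draft for review before Friday.".ljust(48) + FOOTER

if __name__ == "__main__":
    # Three footer blocks plus the identical final padding block repeat under ECB.
    print("ECB-like shared blocks:", shared_blocks(ecb_like(KEY, MSG_A), ecb_like(KEY, MSG_B)))
    print("Chained shared blocks: ", shared_blocks(chained(KEY, MSG_A), chained(KEY, MSG_B)))
```

The same count run over a mail archive is a quick check for whether stored ciphertext was produced block-independently: any non-zero overlap between unrelated messages points to a deterministic per-block mode.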
WithSecure has advised organizations to consider alternative communication channels for sensitive company information.
Recipients must access messages through a one-time code, valid Microsoft account, or work account to decrypt messages, and end users can revoke access to sent emails at any time.
However, OME does not impose any usage restrictions on the attachment itself. It is therefore possible for threat actors to intercept the attachments, or for the original recipient to print or forward them, with little remediation possible on the sender’s side.
WithSecure reported the problem, which it classifies as a vulnerability, to Microsoft on January 11. After repeated attempts to contact the tech giant, and a notice that it would make the disclosure public, WithSecure claims it received the following message from Microsoft on September 21:
“The report was not considered to meet security servicing requirements, nor is it considered a breach. No code change was made, and therefore no CVE was issued for this report.”
Researchers cite Microsoft’s compliance documentation to claim that ECB is used to maintain backward compatibility with older versions of Office, which only support the Advanced Encryption Standard (AES) 128-bit ECB.
In addition to OME, business users can use two other encryption services within Office 365. These are Information Rights Management (IRM) and S/MIME, both of which provide greater control over access rights to sent messages. Messages sent through these options are also encrypted using different modes of operation, but come with their own accessibility advantages and disadvantages.
IT Pro has reached out to Microsoft for comment.