source link: https://siliconangle.com/2022/10/14/microsoft-365-message-encryption-found-leak-structural-information-messages/

Microsoft 365 Message Encryption found to leak structural information in messages


Cybersecurity company WithSecure Oyj is warning that a security flaw in Microsoft 365 Message Encryption can leak structural information in messages.

WithSecure, known as F-Secure until March, explained that the issue with Microsoft 365, known as Office 365 until yesterday, is that Microsoft uses an Electronic Codebook (ECB) implementation, a mode of operation known to leak certain structural information about messages.

According to the advisory, attackers who can obtain enough OME emails could use the information to infer the contents of the messages partially or fully by analyzing the location and frequency of repeated patterns in individual messages. Having done so, an attacker could then match these patterns to ones found in other OME emails and files.

“Attackers who are able to get their hands on multiple messages can use the leaked ECB info to figure out the encrypted contents,” WithSecure consultant and security researcher Harry Sintonen explained. “More emails make this process easier and more accurate, so it’s something attackers can perform after getting their hands on e-mail archives stolen during a data breach, or by breaking into someone’s email account, e-mail server, or gaining access to backups.”

The advisory explains that the attack can be carried out offline, meaning an attacker could compromise backlogs or archives of previous messages. It notes that organizations have no way to prevent an attacker who comes into possession of affected emails from compromising their contents using the method.

No knowledge of the encryption keys is needed to conduct the analysis, according to the advisory, and the use of a Bring Your Own Key scheme does not remedy the problem.
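The structural leak described above, and the point that no key is needed to observe it, can be shown with a short check that counts repeated ciphertext blocks. This Python sketch is an added example, not code from WithSecure, Microsoft or the article; it uses an HMAC-based stand-in for a block cipher (not AES and not OME's actual format), and the 16-byte block size and the sample message are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

BLOCK = 16  # assumed block size in bytes; the article does not state one


def _prf(key: bytes, block: bytes) -> bytes:
    """Stand-in for a block cipher: keyed, deterministic, 16 bytes out (not AES)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def _blocks(data: bytes) -> list:
    """Split data into BLOCK-sized pieces, zero-padding the last one if needed."""
    padded = data + b"\x00" * (-len(data) % BLOCK)
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]


def ecb_like(key: bytes, plaintext: bytes) -> bytes:
    """Each block is transformed independently: equal inputs give equal outputs."""
    return b"".join(_prf(key, b) for b in _blocks(plaintext))


def chained_like(key: bytes, plaintext: bytes) -> bytes:
    """CBC-style chaining with a random IV: each output depends on prior blocks."""
    prev = os.urandom(BLOCK)
    out = [prev]
    for b in _blocks(plaintext):
        prev = _prf(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return b"".join(out)


def repeated_block_report(ciphertext: bytes) -> dict:
    """Count ciphertext blocks that occur more than once; uses no key material."""
    counts = Counter(_blocks(ciphertext))
    repeats = {blk.hex(): n for blk, n in counts.items() if n > 1}
    return {"blocks": sum(counts.values()), "distinct": len(counts), "repeated": repeats}


# Constructed sample: a message whose layout repeats, as templated mail often does.
KEY = os.urandom(32)
SAMPLE = (b"CONFIDENTIAL----" * 4) + b"Invoice total: 1" + (b"CONFIDENTIAL----" * 2)

if __name__ == "__main__":
    print("ECB-like:", repeated_block_report(ecb_like(KEY, SAMPLE)))
    print("chained :", repeated_block_report(chained_like(KEY, SAMPLE)))
```

In the ECB-like output the six identical plaintext blocks collapse to one repeated ciphertext block, and the same block would reappear in any other message under the same key; the chained output shows no repeats.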

WithSecure shared its research with Microsoft in January 2022, but the issue has not been fixed. Microsoft is said to have acknowledged the problem and made a payment via its vulnerability reward program. Organizations can mitigate the problem by not using the feature, but Microsoft’s decision not to address this issue is claimed to increase the risk of adversaries gaining access to existing emails encrypted with OME.

“Any organization with personnel that used OME to encrypt emails is basically stuck with this problem,” Sintonen added. “For some, such as those that have confidentiality requirements put into contracts or local regulations, this could create some issues. And then, of course, there are questions about the impact this data could have in the event it’s actually stolen, which makes it a significant concern for organizations.”

The advisory concludes with WithSecure recommending that Microsoft 365 users should avoid using OME as a means of ensuring the confidentiality of emails.
