Office 365's encryption feature can be easily hacked, warns WithSecure

A hand pressing a phone with the Office 365 logo shown on it, with the Office 365 logo on an orange wall in the background

Researchers at cyber security firm WithSecure have issued an advisory, warning that the method used to generate encrypted messages in Microsoft Office 365 can be cracked relatively easily.

Microsoft Office 365 Message Encryption (OME), a feature offered within the Office 365 suite, allows enterprise users to send encrypted messages as an HTML attachment via email.

RELATED RESOURCE

How to trust your inbox with Cloudflare Area 1

Why your current email security may not be enough

FREE DOWNLOAD

Microsoft says the function is useful for sending sensitive data such as medical records, but WithSecure contends the service uses an insecure method of operation for encryption, allowing threat actors to infer the structure of encrypted messages.

OME messages are generated using Electronic Codebook (ECB), in which the text of the message is broken down into cipher blocks that are individually encrypted using a key stored and managed by Microsoft, through Azure Rights Management (Azure RMS). Each character within the plaintext is directly substituted for a cipher text character, according to the key.

However, through this method identical blocks of plaintext will return identical blocks of encrypted text, allowing patterns within the content to be identified. This is particularly the case with emails, which have structures that are more easily predicted than other types of messages typically sent through end-to-end encrypted (E2EE) apps, such as Signal or WhatsApp.

Emails within organisations, which are likely to contain repeating headers or footers, might be especially vulnerable to this kind of malicious decryption, as patterns reveal the encrypted substitutions for plaintext. If a message from an organisation always signed off in the same way, an attacker with access to a database of such messages would be able to partially decrypt each one.

WithSecure has advised organisations to consider alternative channels of communication for sensitive company information.

Recipients are required to access messages through a one-time passcode, valid Microsoft account, or work account in order to decrypt messages, and end-users can revoke access to sent emails at any time.

However, OME imposes no usage limitations on the attachment itself. It's possible, therefore, that threat actors could intercept the attachments, print them, or be forwarded them by the original recipient with little remediation possible on the sender’s end.

WithSecure reported the issue, which it classifies as a vulnerability, to Microsoft on 11 January. However, after several repeated attempts to contact the tech giant, and a notice that it would go public with the disclosure, WithSecure claims it received the following message from Microsoft on 21 September:

"The report was not considered meeting the bar for security servicing, nor is it considered a breach. No code change was made and so no CVE was issued for this report."

Researchers cite Microsoft compliance documentation to posit that ECB is used to maintain backwards compatibility with legacy versions of Office, which only support Advanced Encryption Standard (AES) 128-bit ECB.

In addition to OME, enterprise users can use two other encryption services within Office 365. These are Information Rights Management (IRM), and S/MIME, which both offer greater control over the access rights of sent messages. Messages sent through these alternatives are also encrypted using different methods of operation, but come with their own accessibility benefits and drawbacks.

“The rights management feature is intended as a tool to prevent accidental misuse and is not a security boundary," a Microsoft spokesperson told IT Pro.

"To help prevent abuse we recommend customers follow best security practices, including keeping systems up to date, enabling multi-factor authentication, and using a real time anti-malware product.”

Microsoft also stated that its use of ECB encryption supports legacy applications, and that it is working on alternative encryption protocols for future product versions.

This article has been updated to include a statement from Microsoft.

Rory Bathgate
Features and Multimedia Editor

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.

In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.