Security researchers at WithSecure have discovered that it Is possible to partially, and in some cases fully, infer the contents of message encrypted through Microsoft’s Office 365 application due to the use of a weak block cipher mode of operation. The weak block cipher mode that Office365 uses is Electronic Code Block (ECB) mode. The main problem that the researchers identified with ECB is that repetitive areas in the plaintext data have the same encrypted result when the same key is used, which created a pattern that allows a threat actor to infer the plaintext data in some cases.
This issue in ECB was first highlighted in the 2013 Adobe data breach where more than 10 million passwords were leaked – the company used ECB mode to encrypt the data, which made it possible to obtain plaintext passwords. The issue was again highlighted in 2020 where it was discovered that the Zoom videoconferencing application used the same 1280bit key to encrypt all audio and visual using the AES algorithm with ECB mode. While the researchers at WithSecure indicate that a single message alone isn’t decipherable, they highlight that an actor can look for structural information across numerous messages, leading to patterns that can be found allowing the messages as a whole to become gradually readable.
This ECB issue was reported to Microsoft in January 2022 and was acknowledged and assigned a bug bounty. However, Microsoft noted that “the issue does not meet the bar for security servicing, nor is it considered a breach”. The company still uses ECB to support legacy applications. However, the company is working on adding an alternative encryption protocol to future product versions.
While a single message alone is indecipherable when using ECB, analyzing a large portion of messages allows for patterns to be revealed, which weakens the overall structure of the protocol and can allow for portions of plaintext data to be read. As an attacker can conduct this activity offline, it is largely undetectable. The best recommendation would be to stop using the Microsoft Office 365 encryption altogether. However, as this may not be possible for some organizations, this highlights the need for a defense in depth strategy to ensure that any actors are identified at a different part of the attack chain, before email data can be exfiltrated to decipher offline. For example, some beneficial detections in this case would be to look for anomalous user activity such as suspicious logons or to look for a large amount of email data being accessed at once and exfiltrated from the environment.