Home » Technology » Microsoft » Microsoft Office 365 Encryption Is Not Secure

Microsoft Office 365 Encryption Is Not Secure

microsoft office 365

There may be a really difficult problem slumbering in Microsoft Office 365: security researchers want to have found a way to circumvent encryption – and troubleshooting with a patch is probably not possible here.

The problem is therefore in the Microsoft Office 365 Message Encryption (OME). This uses an encryption method that allows attacks under certain circumstances, as security researchers from the company WithSecure announced, according to a report by VentureBeat. Fortunately, conventional e-mail communication is not directly affected.

OME uses the Electronic Codebook (ECB) block cipher, which reveals structural information about the message. This means that an attacker with access to many e-mails can get more detailed information about the key based on the position and frequency of patterns. This is about the possibility of a statistical attack on the algorithm.

Single Email Messages Are Still Safe

This means that a single intercepted message can still be considered safe. However, if a company loses its entire email archive to an attacker, for example, it can no longer be guaranteed that the content is confidential. Although the effort involved in reconstructing the plaintext is high and could hardly be raised by everyday criminals, a competitor would certainly have enough motivation to take action here.

The problem here lies in the basic architecture of OME. It is therefore not a classic bug that could be solved with a patch. And Microsoft isn’t the only company being criticized for using ECB algorithms. The video conferencing provider Zoom also uses the method and ultimately offers a point of attack.