Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Flaw in Microsoft OME Could Lead to Leakage of Encrypted Data

WithSecure researcher Harry Sintonen has released an advisory on issues with Microsoft Office 365 Message Encryption (OME). OME is used to send encrypted emails.

WithSecure researcher Harry Sintonen has released an advisory on issues with Microsoft Office 365 Message Encryption (OME). OME is used to send encrypted emails. It uses the Electronic Codebook implementation, which can leak certain structural information about emails.

Issues with ECB are not unknown. In its Announcement of Proposal to Revise Special Publication 800-38A, NIST wrote, “The ECB mode encrypts plaintext blocks independently, without randomization; therefore, the inspection of any two ciphertext blocks reveals whether or not the corresponding plaintext blocks are equal… the use of ECB to encrypt confidential information constitutes a severe security vulnerability.”

Sintonen comments, “Attackers who are able to get their hands on multiple messages can use the leaked ECB info to figure out the encrypted contents. More emails make this process easier and more accurate.”

The problem is not one of decryption, and the cleartext content of the message is not directly revealed. Nevertheless, some content can be revealed.

Since repeating blocks of the cleartext message always map to the same ciphertext blocks, an attacker with a database of stolen emails can analyze them offline for these patterns, and be able to infer parts of the cleartext of the encrypted emails.

Image extracted from the Office 365 Message Encryption protected email 

Image extracted from O365 message

In this sense, the problem is similar to the ‘harvest now, decrypt later’ threat of quantum decryption. Adversaries could steal large quantities of emails knowing that the more they have, the greater number of repeated patterns will be discovered in analysis, and the more accurate their cleartext inferences will become. For example, autocratic states could use this methodology to infer the identity of political activists, and locate other members of activist groups.

The attacker would look for a ciphertext block that appears to be of potential interest, and then use that as a fingerprint to highlight other emails containing the same fingerprint. This search across all the available emails would be automated. 

Advertisement. Scroll to continue reading.

AI is also a potential aid. The AI could detect potentially, but not exactly, comparable ciphertext blocks. “AI could detect similarities in files that aren’t one of the ‘fingerprinted’ files,” Sintonen told SecurityWeek. This could increase the number of inferences that could be concluded. “You would certainly be able to leverage AI in the analysis,” he added.

Sintonen reported his findings to Microsoft in January 2022. He was awarded $5k for his discovery, and consequently expected to hear back from Microsoft that a patch was planned. Nothing happened. Eventually, he was told, “The report was not considered meeting the bar for security servicing, nor is it considered a breach. No code change was made and so no CVE was issued for this report.”

It is not clear why Microsoft has taken this stance. It may be because the company – like all other companies – must plan to move towards NIST’s quantum safe encryption methods over the next few years. The difficulty in ensuring that all apps that use OME must be simultaneously patched may also play into the decision. Or its message may be taken at face value: it is not considered serious.

But the potential should not be ignored. “Any organization with personnel that used OME to encrypt emails are basically stuck with this problem. For some, such as those that have confidentiality requirements put into contracts or local regulations, this could create some issues. And then of course, there’s questions about the impact this data could have in the event it’s actually stolen, which makes it a significant concern for organizations,” said Sintonen. 

The only mitigation for this flaw is to stop using OME to encrypt sensitive files.

Related: Investors Bet Big on Attempts to Solve Encryption ‘Holy Grail’

Related: Is OTP a Viable Alternative to NIST’s Post-Quantum Algorithms?

Related: Zoom Announces Better Encryption, Other Security Improvements

Related: New Ducktail Infostealer Targets Facebook Business Accounts via LinkedIn

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...