Microsoft Office 365 Message Encryption claims to offer a way"to send and receive encrypted email messages between people inside and outside your organization."F-Secure's WithSecure lab, it's not fit for purpose: the encryption method employed, known as Electronic Codebook , is insecure for data with repeating patterns, such as plaintext or uncompressed images or videos. And Microsoft isn't fixing it.
The leaky nature of ECB makes it unsuitable for secure communication, and cryptography experts advise against using it for cryptographic protocols. As America's NIST,"use of ECB to encrypt confidential information constitutes a severe security vulnerability." Office 365 Message Encryption relies on a strong cipher, AES, but WithSecure says that's irrelevant because ECB is weak and vulnerable to cryptanalysis regardless of the cipher used. In other words, when AES is paired with ECB mode, the resulting encryption is poor.
The security lab says that OME encrypted messages get sent as email attachments, and thus may reside on email systems or may have been intercepted. An attacker with access to a sufficient number of these messages can potentially infer message contents by analyzing repeating ciphertext patterns. "Attackers who are able to get their hands on multiple messages can use the leaked ECB info to figure out the encrypted contents," said Harry Sintonen, security researcher at WithSecure, in"More emails make this process easier and more accurate, so it’s something attackers can perform after getting their hands on email archives stolen during a data breach, or by breaking into someone’s email account, e-mail server or gaining access to backups.
ErrataRob _nobody_ uses AES-ECB, except OME. 'The rights management feature is intended as a tool to prevent accidental misuse and is not a security boundary.' ? ? ?
mikko MrJeffMan
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Source: TheRegister - 🏆 67. / 61 Read more »
Source: MetroUK - 🏆 13. / 82 Read more »
Source: eurogamer - 🏆 68. / 61 Read more »
Source: CreativeBloq - 🏆 40. / 65 Read more »
Source: BBCNews - 🏆 3. / 97 Read more »
Source: TheVoiceNews - 🏆 119. / 51 Read more »