Researchers uncovered the use of broken encryption emails to secure messages in Microsoft Office 365.
Key Points:
- Researchers from Finnish cybersecurity firm WithSecure found various security vulnerabilities in Microsoft Office 365.
- They have revealed that there are defects in the Electronic Codebook (ECB) of Microsoft Office 365.
- Due to this vulnerability, third-party programs can decrypt poorly encrypted user details.
A new study made by researchers at Finnish cybersecurity firm WithSecure found several vulnerabilities in the encryption suite of Microsft Office 365.
Here, researchers have stated that Microsft Office 365 uses an encryption system called the Electronic Codebook (ECB). ECB stores all the encrypted data regarding the subscribed users, including their payment details and account passwords as well.
In ECB, Microsoft makes use of an encryption mechanism called Office 365 Message Encryption (OME). This is the code that is used to send and receive data between Microsoft databases and users. It holds the key to deciphering users’ encrypted data, which only Microsoft admins can access.
However, this OME can be accessed by hackers using a broken cryptographic algorithm present in the codes. This can be accurately targeted by coding specialists, which allows them access to the ECB, containing data on all users.
Since ECB uses a system that stores data in various banks of data, accessing one such bank by decrypting it can lead to data leaks of thousands of Microsoft Office 365 users. This can be done by analyzing the location of two ciphertext blocks – the primary form of how ECB stores encrypted data.
However, the fun part is the fact that Microsft has no way to solve this issue right now. This report indicates that they are trying to shift to a new data governance system called Purview to secure all emails and user documentations.
Read Also: