Microsoft Office 365 Message Encryption claims to offer a way to "send and receive encrypted email messages between people inside and outside your organization."
But according to WithSecure (the former F-Secure business-security arm), it is not fit for that purpose: the block-cipher mode of operation it uses, Electronic Codebook (ECB), is unsafe for data with repeating patterns, such as plain text or uncompressed images and video. And Microsoft isn't fixing it.
In ECB mode a message is split into fixed-size blocks and each block is encrypted independently with the same key, so identical plaintext blocks produce identical ciphertext blocks, wherever they occur in the message. In an image, pixels of the same color are the same plaintext, so runs of same-colored pixels encrypt to the same ciphertext and the outline of the picture survives encryption.
The leakiness of ECB makes it unsuitable for secure communication, and cryptography experts advise against using it for cryptographic protocols. As America's NIST states, "the use of ECB to encrypt confidential information constitutes a serious security gap."
Office 365 Message Encryption (OME) uses a strong cipher, AES, but WithSecure says this is irrelevant: ECB mode is weak and open to cryptanalysis regardless of the underlying cipher. In other words, AES used in ECB mode does not yield secure encryption.
The security team reports that encrypted OME messages are sent as email attachments and persist in email systems. An attacker with access to a sufficient number of these messages can deduce the content of the message by analyzing the repeating patterns of the ciphertext.
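As an added example of the pattern leak described above (not WithSecure's code, nor anything from Microsoft's OME implementation), the Go program below encrypts a constructed 8-row, 16-pixel bitmap with AES in ECB mode and, for comparison, with AES in CBC mode under the same key, then recovers the image layout from the ECB ciphertext alone by grouping rows whose ciphertext blocks are identical. The key, IV and bitmap are made up for the demo; Go's standard library deliberately has no ECB helper, so the per-block loop is written out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo key (AES-256) and IV. Real systems must generate both
// randomly; the IV is fixed here only to keep the CBC output deterministic.
var demoKey = []byte("0123456789abcdef0123456789abcdef")
var demoIV = bytes.Repeat([]byte{0x01}, aes.BlockSize)

// ecbEncrypt applies the AES block function to every 16-byte block on its own.
// This per-block loop *is* ECB mode. Input length must be a multiple of 16.
func ecbEncrypt(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out
}

// cbcEncrypt chains each block with the previous ciphertext block, so equal
// plaintext blocks no longer map to equal ciphertext blocks.
func cbcEncrypt(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out
}

// sampleImage is a constructed bitmap: 8 rows of 16 one-byte pixels, background
// 0x00 with an 8x4 foreground square of 0xff. Each row is exactly one AES block.
func sampleImage() []byte {
	var img []byte
	for row := 0; row < 8; row++ {
		line := bytes.Repeat([]byte{0x00}, aes.BlockSize)
		if row >= 2 && row < 6 {
			copy(line[4:12], bytes.Repeat([]byte{0xff}, 8))
		}
		img = append(img, line...)
	}
	return img
}

// blockHistogram counts how often each 16-byte ciphertext block occurs.
func blockHistogram(ct []byte) map[[aes.BlockSize]byte]int {
	hist := map[[aes.BlockSize]byte]int{}
	for i := 0; i < len(ct); i += aes.BlockSize {
		var k [aes.BlockSize]byte
		copy(k[:], ct[i:i+aes.BlockSize])
		hist[k]++
	}
	return hist
}

// duplicateBlocks returns how many ciphertext blocks repeat an earlier block.
// Under a sound mode this is ~0; under ECB it equals the plaintext's repetition.
func duplicateBlocks(ct []byte) int {
	d := 0
	for _, n := range blockHistogram(ct) {
		d += n - 1
	}
	return d
}

// rowClasses labels each ciphertext row by the order in which its block value
// first appeared. Without knowing the key, this reproduces the image layout
// when ECB was used, and yields nothing useful when CBC was used.
func rowClasses(ct []byte) []int {
	seen := map[[aes.BlockSize]byte]int{}
	var labels []int
	for i := 0; i < len(ct); i += aes.BlockSize {
		var k [aes.BlockSize]byte
		copy(k[:], ct[i:i+aes.BlockSize])
		if _, ok := seen[k]; !ok {
			seen[k] = len(seen)
		}
		labels = append(labels, seen[k])
	}
	return labels
}

func main() {
	img := sampleImage()
	ecb := ecbEncrypt(demoKey, img)
	cbc := cbcEncrypt(demoKey, demoIV, img)
	fmt.Println("ECB row classes:", rowClasses(ecb), "duplicate blocks:", duplicateBlocks(ecb))
	fmt.Println("CBC row classes:", rowClasses(cbc), "duplicate blocks:", duplicateBlocks(cbc))
}
```

The ECB run labels the rows `[0 0 1 1 1 1 0 0]`, which is the silhouette of the square: the attacker learns where the foreground is without touching the key. The CBC run gives eight distinct labels and no repeated blocks. The same histogram technique extends to text: lines of spaces, boilerplate signatures or repeated headers become recognisable ciphertext blocks, and collecting more messages gives an attacker more repeated blocks to correlate, which is the cross-message analysis WithSecure describes.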
"Attackers who are able to get their hands on multiple messages can use the leaked ECB information to understand the encrypted content," said Harry Sintonen, security researcher at WithSecure.
"More emails make this process easier and more accurate, so it's something attackers can do after stealing email records during a data breach, or by hacking into someone's email account or email server, or by accessing backups."