Microsoft Office 365 Message Encryption claims to offer a way “to send and receive encrypted email messages between people inside and outside your organization.”
And according to WithSecure, it’s not fit for purpose: the encryption method employed, known as Electronic Codebook (ECB), is insecure for data with repeating patterns, such as plaintext or uncompressed images or videos. And Microsoft isn’t fixing it.
When using ECB mode, messages are divided into a series of blocks, and plaintext that’s the same in different blocks produces identical ciphertext. In the case of an image where pixels of the same color get represented by the same plaintext, the corresponding ciphertext is also the same for like pixels, which makes the image visible through the ciphertext.
Read more…
Source: The Register