Microsoft is able to look inside your password-protected zip files
Microsoft has been spotted scanning for malware within password-protected zip files stored on its cloud services.
Security researcher Andrew Brandt was among those to notice that Microsoft appears to be bypassing passwords added to zip archives in order to check for malware. While the intentions of the company may be good, the practice raises serious questions about privacy and security.
Brandt was surprised to find that a number of the password-protected zip files he was storing on SharePoint were flagged as "Malware detected". Being a security researcher, Brandt saves copies of malware in encrypted archives, so the warnings are valid. The fact that Microsoft has bypassed password protection to determine this, however, has many people worried.
Sharing his findings on Mastodon, Brandt says:
Well, apparently #microsoft #Sharepoint now has the ability to scan inside of password-protected zip archives.
How do I know? Because I have a lot of Zips (encrypted with a password) that contain malware, and my typical method of sharing those is to upload those passworded Zips into a Sharepoint directory.
This morning, I discovered that a couple of password-protected Zips are flagged as "Malware detected" which limits what I can do with those files - they are basically dead space now.
While I totally understand doing this for anyone other than a malware analyst, this kind of nosy, get-inside-your-business way of handling this is going to become a big problem for people like me who need to send their colleagues malware samples. The available space to do this just keeps shrinking and it will impact the ability of malware researchers to do their jobs.
While it has been suggested that Microsoft is using a list of known passwords to take a look inside protected archives, circumventing security put in place by individuals will almost certainly erode trust in the company -- whatever the reason given for doing so may be.
Another security researcher, Kevin Beaumont, pointed out that Microsoft uses various methods of scanning the contents of password-protected files across all of its Microsoft 365 cloud services, including OneDrive.