A number of end-to-end encrypted (E2EE) cloud storage platforms are weak to a set of safety points that would expose consumer knowledge to malicious actors.
Cryptographic evaluation from ETH Zurich researchers Jonas Hofmann and Kien Tuong Turong revealed problem with Sync, pCloud, Icedrive, Seafile, and Tresorit companies, collectively utilized by greater than 22 million folks.
The evaluation was based mostly on the menace mannequin of an attacker controlling a malicious server that may learn, modify, and inject knowledge at will, which is real looking for nation-state actors and complicated hackers.
The crew feedback that most of the found flaws instantly oppose the advertising and marketing guarantees of the platforms, which create a misleading and false premise for patrons.
Findings
The ETH Zurich researchers discovered severe vulnerabilities in all 5 merchandise, together with implementations that permit a malicious actor to inject information, tamper with knowledge, or acquire entry to consumer information. Here is an outline of the found points:
- Sync‘s vulnerabilities embody unauthenticated key materials, permitting attackers to inject their very own encryption keys and compromise knowledge. The dearth of public key authentication in file sharing additional allows attackers to decrypt shared information. Shared hyperlinks expose passwords to the server, breaking confidentiality. Moreover, attackers can rename or transfer information undetected and even inject folders into consumer storage, making them seem as if the consumer uploaded them.
- pCloud‘s essential points stem from unauthenticated key materials, permitting attackers to overwrite non-public keys and pressure encryption with attacker-controlled keys. Public keys are additionally unauthenticated, giving attackers entry to encrypted information. Moreover, attackers can inject information, manipulate metadata like file measurement, and reorder or take away chunks because of the lack of authentication within the chunking course of.
- Icedrive‘s use of unauthenticated CBC encryption makes it weak to file tampering, permitting attackers to change file contents. File names may also be truncated or altered. The chunking course of lacks authentication, which means attackers can reorder or take away file chunks, compromising file integrity.
- Seafile is weak to protocol downgrades, making password brute-forcing simpler. Its use of unauthenticated CBC encryption permits file tampering, and unauthenticated chunking lets attackers manipulate file chunks. File names and areas are additionally unsecured, and the server can inject information or folders into consumer storage.
- Tresorit‘s public key authentication depends on server-controlled certificates, which attackers can substitute to entry shared information. Metadata can be weak to tampering, permitting attackers to change file creation particulars and mislead customers.
Out of the examined group of 5, Tresorit fared comparatively higher, as the problems found don’t instantly expose file contents or permit for simple knowledge manipulation.
Supply: ETH Zurich
Disclosure and vendor responses
The researchers notified Sync, pCloud, Seafile, and Icedrive of their findings on April 23, 2024, and contacted Tresorit on September 27, 2024, to debate potential enhancements of their explicit cryptographic designs.
Icedrive determined to not handle the problems, Seafile promised to patch the protocol downgrade downside on a future improve, whereas Sync and pCloud had not responded as of October 10, 2024.
BleepingComputer contacted all 5 cloud service suppliers for a touch upon Hofmann’s and Truong’s analysis, and we acquired the under statements.
Sync: Our safety crew grew to become conscious of those points final week, and we have since taken swift motion to handle them. We have additionally reached out to the analysis crew to share findings and collaborate on subsequent steps.
The potential knowledge leak problem on hyperlinks (as reported) has already been mounted, and we’re fast-tracking fixes for the remaining potential points proper now. Because the analysis paper outlines, these vulnerabilities exist below the pretext of a compromised server. There isn’t any proof that these vulnerabilities have been exploited or that file knowledge has been accessed.
We perceive that through the use of Sync, belief is positioned in us. However the promise of end-to-end encryption is that you just need not belief anybody, not even us. This idea is on the core of our encryption mannequin and central to what we do.
We’re dedicated to getting these points resolved.
Tresorit: The research of ETH Zürich’s world-class analysis crew examined the potential of ten lessons of assaults on end-to-end-encrypted cloud storage methods, together with confidentiality breaches and file injection vulnerabilities. The findings confirmed that Tresorit’s considerate design and cryptographic selections made our system largely unaffected by these assaults. Whereas we’re happy with these outcomes, we additionally acknowledge the untapped potential the analysis highlighted.
Presenting public key fingerprints to customers when sharing folders is on our 2025 roadmap. This can utterly forestall key alternative assaults by permitting out-of-band verification. We already do that for enterprise invites so the consumer can get cryptographic proof about their future knowledge administrator earlier than becoming a member of. Our Frequent Standards EAL4 + AVA_VAN.5 evaluated shopper software program — a primary amongst cloud storage companies — requires out-of-band key authentication for folder sharing, too.
Regardless that some metadata, such because the file measurement, the time of final modification, and folder memberships are shared with the servers, these are additionally saved as cryptographically authenticated knowledge to stop tampering. This metadata can be wanted to be identified on the server aspect: for the correct bookkeeping of our prospects’ storage quota, and to implement server-side entry guidelines as a further layer of safety.
At Tresorit, safety is our prime precedence, and we’re dedicated to steady enchancment, utilizing these insights to strengthen our platform additional. This analysis not solely helps us evolve but additionally guides the broader business towards safer options. Safety is the inspiration of all the things we construct, and we’re proud to collaborate with tutorial establishments just like the Technical College in Budapest to make sure that we keep on the forefront of innovation in safe cloud storage.
Seafile: We do not have something to remark in the mean time.
Icedrive and pCloud didn’t reply to BleepingComputer’s request for a press release.