Cybersecurity researchers have discovered serious cryptographic issues in various end-to-end encryption (E2EE) cloud storage platforms that could be used to leak sensitive data.
“Vulnerabilities vary in severity: in many cases, a malicious server can inject files, forge file data, and even gain direct access to plaintext,” ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong said. “Notably, many of our attacks affect multiple providers in the same way, revealing common patterns of failure in independent cryptographic projects.”
The identified vulnerabilities are the result of an analysis of five major providers: Sync, pCloud, Icedrive, Seafile and Tresorit. The attack techniques assume a malicious server under the adversary's control, which is then used to attack the service provider's users.
A brief description of the weaknesses identified in cloud storage systems is as follows:
- Sync, in which a malicious server can be used to breach the privacy of downloaded files, as well as to inject files and manipulate their contents
- pCloud, in which a malicious server can be used to violate the confidentiality of downloaded files, as well as to inject files and manipulate their contents
- Seafile, in which a malicious server can be used to speed up user password guessing, as well as to inject files and forge their contents
- Icedrive, in which a malicious server can be used to compromise the integrity of downloaded files, as well as to inject files and manipulate their contents
- Tresorit, in which a malicious server can be used to present non-authentic keys when sharing files and falsify some metadata in the repository
These attacks fall into one of 10 broad classes that violate privacy, target file data and metadata, and allow the injection of arbitrary files:
- Lack of user key material authentication (Sync and pCloud)
- Using unauthenticated public keys (Sync and Tresorit)
- Encryption protocol downgrade (Seafile)
- Link-sharing pitfalls (Sync)
- Using unauthenticated encryption modes such as CBC (Icedrive and Seafile)
- Splitting files into chunks without authentication (Seafile and pCloud)
- Spoofing filenames and locations (Sync, pCloud, Seafile and Icedrive)
- Forgery of file metadata (affects all five providers)
- Injecting folders into user storage by combining a metadata editing attack and exploiting a feature in the sharing mechanism (Sync)
- Injection of fake files into a user’s storage (pCloud)
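Several of the classes above (unauthenticated encryption modes, file splitting without authentication, spoofed filenames and locations) come down to the client accepting bytes or context that the server chose. The sketch below is an added illustration, not code from the paper or from any of the five providers: a client-side encrypt-then-MAC check that binds each ciphertext chunk to its path, index and chunk count, assuming a per-file MAC key the server never sees (all function names and sample values are hypothetical).

```python
import hashlib
import hmac
import struct

def _tag(key: bytes, path: str, index: int, total: int, chunk_ct: bytes) -> bytes:
    """MAC over a ciphertext chunk plus the context the server must not change."""
    p = path.encode("utf-8")
    # Length-prefix the path so (path, index, total) encodes unambiguously.
    header = struct.pack(">I", len(p)) + p + struct.pack(">QQ", index, total)
    return hmac.new(key, header + chunk_ct, hashlib.sha256).digest()

def seal(key: bytes, path: str, chunks: list) -> list:
    """Client, before upload: tag every ciphertext chunk (encryption not shown)."""
    chunks = chunks or [b""]  # an empty file still gets one authenticated chunk
    total = len(chunks)
    return [(ct, _tag(key, path, i, total, ct)) for i, ct in enumerate(chunks)]

def open_file(key: bytes, path: str, stored: list) -> list:
    """Client, after download: verify everything the server returned."""
    if not stored:
        raise ValueError(f"{path!r}: server returned no chunks")
    total = len(stored)
    verified = []
    for i, (ct, tag) in enumerate(stored):
        # Constant-time compare; any change to bytes, order, count or path fails.
        if not hmac.compare_digest(tag, _tag(key, path, i, total, ct)):
            raise ValueError(f"{path!r}: chunk {i} failed authentication")
        verified.append(ct)
    return verified

def server_change_detected(key: bytes, path: str, stored: list) -> bool:
    """True if the downloaded chunks do not verify for this path."""
    try:
        open_file(key, path, stored)
        return False
    except ValueError:
        return True

# Constructed sample data: a fixed demo key and three opaque ciphertext chunks.
KEY = bytes(range(32))
PATH = "/docs/report.pdf"
CHUNKS = [b"ct-chunk-0", b"ct-chunk-1", b"ct-chunk-2"]
STORED = seal(KEY, PATH, CHUNKS)
```

The check is only as strong as the key: if the client accepts key material that the server can substitute, as in the first class in the list, the server can recompute valid tags.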
“Not all of our attacks are sophisticated in nature, meaning they are within the reach of attackers who are not necessarily cryptographically proficient. Indeed, our attacks are highly practical and can be performed without significant resources,” the researchers said in an accompanying paper.
“Furthermore, while some of these attacks are not new in terms of cryptography, they highlight that E2EE cloud storage deployed in practice fails at a trivial level and often does not require deeper cryptanalysis to crack.”
While Icedrive chose not to address the issues identified after responsible disclosure in late April 2024, Sync, Seafile and Tresorit acknowledged the report. Hacker News has reached out to each of them for further comment, and we’ll update the story when we hear back.
The findings come just over six months after a team of researchers from King’s College London and ETH Zurich detailed three different attacks on Nextcloud’s E2EE functionality that can be abused to break confidentiality and integrity guarantees.
“These vulnerabilities make it trivial for malicious Nextcloud servers to access and manipulate user data,” the researchers said at the time, emphasizing the need to treat all server actions and server-generated inputs as adversarial in order to address the problems.
Back in June 2022, ETH Zurich researchers also demonstrated a number of critical security issues in the MEGA cloud storage service that could be exploited to compromise the privacy and integrity of user data.