Severe Cryptographic Issues Found in Major E2EE Cloud Storage Platforms

Cybersecurity researchers have uncovered significant cryptographic vulnerabilities in several end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive user data.

"The vulnerabilities range in severity: in many cases, a malicious server can inject files, tamper with file data, and even gain direct access to plaintext," explained Jonas Hofmann and Kien Tuong Truong, researchers from ETH Zurich. "Remarkably, many of our attacks affect multiple providers in the same way, revealing common failure patterns in independent cryptographic designs."

The researchers analyzed five major cloud storage providers—Sync, pCloud, Icedrive, Seafile, and Tresorit—uncovering significant security flaws. The attacks revolve around a malicious server controlled by an adversary, which can then target the users of these services.

Here’s a breakdown of the flaws found in each platform:

Sync: A malicious server could break file confidentiality, inject files, and tamper with file content.

pCloud: A malicious server could break file confidentiality, inject files, and tamper with file content.

Seafile: A malicious server could speed up brute-force attacks on user passwords, inject files, and tamper with content.

Icedrive: A malicious server could break the integrity of uploaded files, inject files, and tamper with their content.

Tresorit: A malicious server could present non-authentic keys when sharing files and tamper with file metadata.

Classes of Vulnerabilities:

These attacks fall into 10 broad categories, affecting file confidentiality and metadata and allowing arbitrary file injection:

  1. Lack of authentication of user key material (Sync and pCloud)
  2. Use of unauthenticated public keys (Sync and Tresorit)
  3. Encryption protocol downgrade (Seafile)
  4. Link-sharing pitfalls (Sync)
  5. Use of unauthenticated encryption modes like CBC (Icedrive and Seafile)
  6. Unauthenticated chunking of files (Seafile and pCloud)
  7. Tampering with file names and locations (Sync, pCloud, Seafile, and Icedrive)
  8. Tampering with file metadata (affects all five providers)
  9. Injection of folders by combining metadata editing attacks (Sync)
  10. Injection of rogue files into user storage (pCloud)
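As an added illustration of categories 5 and 6 above, and not code from the paper or from any of the providers, the Python below encrypts a file chunk by chunk with encrypt-then-MAC and shows why per-chunk authentication alone is not enough: unless each chunk's index and the total chunk count are bound into the authenticated data, a storage service that returns the chunks swapped or truncated still passes every tag check. The cipher is a toy HMAC-based keystream chosen so the example needs only the standard library, and the keys, chunk size and plaintext are constructed for the demo.

```python
import hmac, hashlib, secrets, struct

CHUNK = 4  # constructed: tiny chunk size so the demo plaintext splits into four chunks

def _keystream(key, nonce, length):
    # Toy keystream (HMAC-SHA256 in counter mode): a stdlib-only stand-in, not a vetted cipher.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _header(idx, total, bind_position):
    # The mitigation: bind each chunk's index and the chunk count into the authenticated data.
    return struct.pack(">II", idx, total) if bind_position else b""

def encrypt_file(enc_key, mac_key, data, bind_position):
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)] or [b""]
    blob = []
    for idx, pt in enumerate(chunks):
        nonce = secrets.token_bytes(12)
        ct = _xor(pt, _keystream(enc_key, nonce, len(pt)))
        aad = _header(idx, len(chunks), bind_position)
        blob.append((nonce, ct, hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()))
    return blob

def decrypt_file(enc_key, mac_key, blob, bind_position):
    # Encrypt-then-MAC: verify every chunk's tag before releasing any plaintext.
    plain = []
    for idx, (nonce, ct, tag) in enumerate(blob):
        aad = _header(idx, len(blob), bind_position)
        if not hmac.compare_digest(hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest(), tag):
            raise ValueError(f"chunk {idx}: authentication failed")
        plain.append(_xor(ct, _keystream(enc_key, nonce, len(ct))))
    return b"".join(plain)

def storage_side_reorder(blob):
    # Models the failure mode: stored chunks come back swapped and truncated, each one itself intact.
    b = list(blob)
    b[0], b[1] = b[1], b[0]
    return b[:-1]

def demo():
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    data = b"PAY=100;TO=ALICE"  # constructed plaintext: chunks PAY= / 100; / TO=A / LICE
    results = {}
    for bind in (False, True):
        try:
            results[bind] = decrypt_file(enc_key, mac_key, storage_side_reorder(encrypt_file(enc_key, mac_key, data, bind)), bind)
        except ValueError:
            results[bind] = None  # None means the tampering was detected
    return results
```

Without position binding, `demo()` returns the silently rearranged plaintext `b"100;PAY=TO=A"`; with binding, the first chunk already fails verification and nothing is released.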

According to the researchers, "Not all of our attacks are sophisticated in nature, meaning they are within reach of attackers who are not necessarily skilled in cryptography. In fact, our attacks are highly practical and can be executed without significant resources."

While some of these attacks aren't new from a cryptographic standpoint, they underscore the reality that E2EE cloud storage services, as deployed in practice, are vulnerable at a fundamental level. Many of the attacks don’t require complex cryptanalysis to succeed.

Responses from Providers:

Of the five providers, Icedrive has opted not to address the identified issues following responsible disclosure in April 2024. However, Sync, Seafile, and Tresorit have acknowledged the findings. The researchers and cybersecurity news outlets have reached out for further comments, and updates will be provided if available.

These findings come just six months after another study from King's College London and ETH Zurich revealed three distinct attacks on Nextcloud’s E2EE feature that compromised confidentiality and integrity.

"The vulnerabilities make it trivial for a malicious Nextcloud server to access and manipulate users' data," the researchers noted, arguing that the fix requires treating server actions and server-generated inputs as adversarial.

Back in June 2022, ETH Zurich researchers also identified critical security flaws in the MEGA cloud storage service, which could be exploited to break both confidentiality and integrity of user data.

© 2016 - 2025 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067