Severe Flaws in Cloud Storage Platforms Affecting 22 Million People

Researchers at ETH Zurich have found vulnerabilities in several end-to-end encrypted cloud storage platforms being used by over 22 million people in total.

While cloud storage platforms like Google Drive, Dropbox, and OneDrive are household names, these services do not provide End-to-End Encryption, meaning that the provider has access to the data stored on their servers at their discretion. End-to-end encrypted cloud storage platforms emerged to provide customers with the best of both worlds, providing low-cost storage solutions as well as control over who sees their data using cryptographic techniques.

Researchers Jonas Hoffman and Kien Tuong Truong conducted cryptographic analyses of five of the major end-to-end encrypted cloud storage providers which revealed severe cryptographic vulnerabilities many of which affect multiple providers in the same way, revealing common failure patterns.

Important note: Attacks were conducted by the researchers under the assumption of a compromised server.

Vulnerabilities

The analyses were conducted on 5 major providers: Sync, pCloud, Icedrive, Seafile, and Tresorit. Serious vulnerabilities were found in all five of these. The language used to describe these vulnerabilities is fairly technical. Refer to the Definitions section for clarity on any of the terms used henceforth.

• Sync:
  • Unauthenticated Key Material: Allows attackers to inject their own encryption keys and compromise data.
  • Lack of public key authentication: Allows attackers to decrypt shared files.
  • Shared links expose passwords to the server.
  • Attackers can rename or move files undetected and even inject folders into user storage, making them appear as if the user uploaded them.
• pCloud:
  • Unauthenticated Key Material: Allows attackers to overwrite private keys and force encryption with attacker-controlled keys.
  • Attackers can access encrypted files due to unauthenticated public keys.
  • Attackers can also inject files, manipulate metadata like file size, and reorder or remove chunks due to the lack of authentication in the chunking process.
• Icedrive:
  • Unauthenticated CBC encryption: Allows file tampering and modification of file content by the attackers.
  • Unauthenticated Chunking: attackers can reorder or remove file chunks.
• Seafile:
  • Vulnerable to protocol downgrading: Makes brute-forcing passwords easier.
  • Unauthenticated CBC encryption
  • Unauthenticated chunking
  • Unsecured File names and Locations:
• Tresorit:
  • Public key authentication relies on server-controlled certificates: Attackers can change these to access shared files.
  • Metadata vulnerable to tampering

Disclosures

The researchers disclosed their findings to the vendors in April of this year.

Tresorit was already in pretty good shape compared to the others but still committed to making changes to make their systems more robust.

Seafile and Sync have addressed the issue with Seafile promising to patch the protocol downgrade problem specifically in a future upgrade. Sync has fixed some of the problems already and has reportedly reached out to the research team to share findings and collaborate on the next steps. Sync has also revealed that there is no evidence of these vulnerabilities having been exploited or files compromised.

Icedrive decided not to address the issues and pCloud is yet to respond.

Definitions

Here are some definitions that might come in handy for understanding the rest of this article.

1. Unauthenticated Key Material – This refers to encryption keys that are not properly verified, meaning attackers can replace or inject their own keys, allowing them to decrypt or manipulate the data.
2. Public Key Authentication – A method used to verify the identity of a person or system by using a public encryption key. Without proper authentication, attackers can trick the system into trusting fake keys and gain access to sensitive data.
3. Shared Links – Links that allow users to share files or folders with others. If these links are not securely protected, attackers could gain access to the shared files, including any sensitive information, like passwords.
4. CBC (Cipher Block Chaining) Encryption – A method of encrypting data where each block of data is dependent on the previous one. If this encryption method is not properly secured, attackers can tamper with or modify the content of files without detection.
5. Chunking – The process of breaking a file into smaller pieces (chunks) for easier storage or transmission. If this process is not properly authenticated, attackers can manipulate the chunks, altering or removing parts of the file.
6. Protocol Downgrading – This occurs when attackers force a system to use a weaker, less secure version of a security protocol, making it easier for them to crack passwords or break into systems.
7. Metadata – Information about a file, such as its name, size, or the date it was created. If metadata can be tampered with, attackers can manipulate this information to hide malicious actions or alter how the file appears.
8. Server-Controlled Certificates – These are used to verify the identity of users or devices in secure communications. If attackers gain control of the certificates, they can impersonate users or systems and access files they shouldn’t have.