Cybersecurity researchers at ETH Zurich have discovered severe cryptographic vulnerabilities in several end-to-end encrypted (E2EE) cloud storage platforms.
These vulnerabilities could allow a threat actor to illegally access customers’ sensitive data.
Jonas Hofmann and Kien Tuong Truong, ETH Zurich researchers, in a new report, reveal that in the setting of a malicious server, they performed an in-depth cryptographic analysis on five major E2EE cloud storage providers — Sync, pCloud, Icedrive, Seafile, and Tresorit — who cumulatively have over 22 million users and exposed their claims of security in the storage service market.
“The vulnerabilities pervading E2EE cloud storage highlight a critical blind spot in our grasp of the field. Our findings strongly suggest that, in its current stage, the ecosystem of E2EE cloud storage is largely broken and requires significant reevaluation of its foundations,” wrote Truong and Hofmann in the report.
The researchers based their analysis on a threat model in which an attacker has control over a malicious server and the ability to read, modify, and inject data at will – a realistic approach for nation-state actors and highly skilled hackers.
Upon analysis, the researchers discovered vulnerabilities across all five platforms that allowed a malicious server under an adversary’s control to easily inject files in the encrypted storage of users at will, tamper with file data, and even gain direct access to the content of the files.
This contradicted the platforms’ marketing claims and gave customers a false sense of security regarding their data security.
The researchers identified ten classes of attacks across all five cloud storage platforms, which were split into four categories: confidentiality, target file data, metadata, and the injection of arbitrary files into the user’s storage.
Let’s have a look at the classes of attack:
- Lack of authenticated key material that allows attackers to insert their own encryption keys (Sync and pCloud)
- Unauthenticated public keys (Sync and Tresorit)
- Encryption protocol downgrade that allows it to attempt brute-force of user passwords (Seafile)
- Link-sharing pitfalls which encode the password needed to decrypt (Sync)
- Unauthenticated encryption modes such as CBC allow an attacker to tamper with the content of files in a semi-controlled manner (Icedrive and Seafile)
- Unauthenticated chunking of files that allows an adversary to swap chunks around and remove chunks from files (Seafile and pCloud)
- Tampering with file names and locations (Sync, pCloud, Seafile, and Icedrive)
- Tampering with file metadata (affects all five providers)
- Injection of folders (Sync)
- Injection of rogue file keys, along with rogue file content in the user’s storage (pCloud)
“Not all of our attacks are sophisticated in nature, which means that they are within reach of attackers who are not necessarily skilled in cryptography. Indeed, our attacks are highly practical and can be carried out without significant resources,” the researchers added.
“Additionally, while some of these attacks are not novel from a cryptographic perspective, they emphasize that E2EE cloud storage as deployed in practice fails at a trivial level and often does not require more profound cryptanalysis to break.”
When finding the vulnerabilities, Hofmann and Truong followed ethical disclosure practices and notified Sync, pCloud, Seafile, and Icedrive of their findings on April 23, 2024, with a standard 90-day disclosure window.
While Seafile and Icedrive both acknowledged the issue, the Icedrive team has chosen not to address the raised issues. On the other hand, Seafile has promised to patch the protocol downgrade issue with a future update.
Further, on September 27, 2024, the researchers contacted Tresorit to discuss potential improvements in their particular cryptographic designs.
Pcloud has yet to comment on the researchers’ report, while Sync, in a statement to BleepingComputer, said, “Our security team became aware of these issues last week, and we’ve since taken swift action to address them. We’ve also reached out to the research team to share findings and collaborate on the next steps.”