"The attacks presented here show that it is possible for a motivated party to find and exploit vulnerabilities in real world cryptographic architectures, with devastating results for security. "They hint at the difficulty of maintaining large-scale systems employing cryptography, especially when the system has an evolving set of features and is deployed across multiple platforms." "The attacks arise from unexpected interactions between seemingly independent components of MEGA's cryptographic architecture," the researchers elaborated. "The reported vulnerabilities would have required MEGA to become a bad actor against certain of its users, or otherwise could only be exploited if another party compromised MEGA's API servers or TLS connections without being noticed," Ortmann pointed out. MEGA further emphasized that it's not aware of any user accounts that may have been compromised by the aforementioned attack methods. The fourth vulnerability related to the breach of integrity is expected to be addressed in an upcoming release.Īs for the Bleichenbacher-style attack against MEGA's RSA encryption mechanism, the company noted the attack is "challenging to perform in practice as it would require approximately 122,000 client interactions on average" and that it would remove the legacy code from all of its clients. The shortcomings are severe as they undermine MEGA's supposed security guarantees, prompting the company to issue updates to address the first three of the five issues. In a nutshell, the attacks could be weaponized by MEGA or any entity controlling its core infrastructure to upload lookalike files and decrypt all files and folders owned by or shared with the victim as well as the chat messages exchanged. "With this, MEGA can decrypt these RSA ciphertexts, albeit requiring an impractical number of login attempts." 
"Each user has a public RSA key used by other users or MEGA to encrypt data for the owner, and a private key used by the user themselves to decrypt data shared with them," the researchers explained. Guess-and-Purge (GaP) Bleichenbacher attack, a variant of the Adaptive chosen-ciphertext attack devised by Swiss cryptographer Daniel Bleichenbacher in 1998 that could be exploited to decrypt RSA ciphertexts.Integrity Attack, a less stealthy variant of the Framing Attack that can be exploited to forge a file in the name of the victim and place it in the target's cloud storage, and.Framing Attack, wherein MEGA can insert arbitrary files into the user's file storage that are indistinguishable from genuinely uploaded ones.Plaintext Recovery Attack, which allows MEGA to decrypt node keys - an encryption key associated with every uploaded file and are encrypted with a user's master key - and use them to decrypt all user communication and files.The recovered RSA key can then be extended to make way for four other attacks. MEGA, which advertises itself as the "privacy company" and claims to provide user-controlled end-to-end encrypted cloud storage, has more than 10 million daily active users, with over 122 billion files uploaded to the platform to date. Paterson said in an analysis of the service's cryptographic architecture. "Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choice which pass all authenticity checks of the client," ETH Zurich's Matilda Backendal, Miro Haller, and Kenneth G. In a paper titled " MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a rogue actor to fully compromise the privacy of the uploaded files. 
A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data.