https://arstechnica.com/information-technology/2022/06/mega-says-it-cant-decrypt-your-files-new-poc-exploit-shows-otherwise/

"In the decade since larger-than-life character Kim Dotcom founded Mega, the 
cloud storage service has amassed 250 million registered users and stores a 
whopping 120 billion files that take up more than 1,000 petabytes of storage. A 
key selling point that has helped fuel the growth is an extraordinary promise 
that no top-tier Mega competitors make: Not even Mega can decrypt the data it 
stores.

"On the company's homepage, for instance, Mega displays an image that compares 
its offerings to Dropbox and Google Drive. In addition to noting Mega's lower 
prices, the comparison emphasizes that Mega offers end-to-end encryption, 
whereas the other two do not. Over the years, the company has repeatedly 
reminded the world of this supposed distinction, which is perhaps best 
summarized in this blog post. In it, the company claims, "As long as you ensure 
that your password is sufficiently strong and unique, no one will ever be able 
to access your data on MEGA. Even in the exceptionally improbable event MEGA's 
entire infrastructure is seized!" (emphasis added).

"Third-party reviewers have been all too happy to agree and to cite the Mega 
claim when recommending the service.

A decade of assurances negated

"Research published on Tuesday shows there's no truth to the claim that Mega, 
or an entity with control over Mega's infrastructure, is unable to access data 
stored on the service. The authors say that the architecture Mega uses to 
encrypt files is riddled with fundamental cryptography flaws that make it 
trivial for anyone with control of the platform to perform a full key recovery 
attack on users once they have logged in a sufficient number of times. With 
that, the malicious party can decipher stored files or even upload 
incriminating or otherwise malicious files to an account; these files look 
indistinguishable from genuinely uploaded data.

"We show that MEGA's system does not protect its users against a malicious 
server and present five distinct attacks, which together allow for a full 
compromise of the confidentiality of user files," the researchers wrote on a 
website. "Additionally, the integrity of user data is damaged to the extent 
that an attacker can insert malicious files of their choice which pass all 
authenticity checks of the client. We built proof-of-concept versions of all 
the attacks, showcasing their practicality and exploitability."
