In the decade since the founding of the older hero Kim Dotcom megacloud storage has 250 million registered users and stores a whopping 120 billion files more than 1000 petabytes in storage. A key selling point that has helped boost growth is an outstanding promise that none of Mega’s top competitors make: not even Mega can decrypt the data it stores.
On the company’s homepage, for example, Mega displays an image that compares its offerings to Dropbox and Google Drive. In addition to noting Mega’s lower prices, the comparison highlights that Mega offers end-to-end encryption, while the other two do not.
Over the years, the company has repeatedly reminded the world of this we assume distinctionwhich is perhaps best summarized in this blog post. In it, the company claims: “As long as you ensure that your password is strong and unique enough, no one will ever have access to your MEGA data. Even in the most incredible case, the entire MEGA infrastructure has been confiscated!“(emphasis added).
Decade of denied assurances
A study published on Tuesday shows that there is no truth in the claim that Mega or an entity that controls Mega’s infrastructure cannot access the data stored in the service. The authors say the architecture Mega uses to encrypt files is fraught with major cryptographic flaws that make it trivial for anyone with control of the platform to perform a full key recovery attack on users once a sufficient number of users have logged in. times. In this way, the malicious party can decrypt stored files or even upload incriminating or otherwise malicious files to an account; these files appear indistinguishable from the actual uploaded data.
“We show that the MEGA system does not protect its users from malicious servers and presents five different attacks, which together allow a complete compromise with the confidentiality of user files,” the researchers wrote. website. “In addition, the integrity of user data has been compromised to the point that an attacker may insert malicious files of their choice that pass all customer authentication. We have built proof-of-concept versions of all attacks, demonstrating their practicality and usability. “
After receiving the researchers’ report in private in March, Mega began releasing an update Tuesday that made it difficult to carry out the attacks. But researchers warn that the patch provides only an “ad hoc” means of thwarting their key recovery attack and does not address the issue of key reuse, lack of integrity checks, and other systemic issues they have identified. As the exact key recovery attack of the researchers is no longer possible, the other exploits described in the study are also no longer possible, but the lack of a comprehensive correction is a source of concern for them.
“This means that if the preconditions for the other attacks are met in some different way, they can still be exploited,” the researchers wrote in an email. “Therefore, we do not approve of this adjustment, but the system will no longer be vulnerable to the exact chain of attacks we have proposed.
Mega published a tip TIMES. However, the chairman of the service says he has no plans to revise promises that the company does not have access to customer data.
“For a short time, there was the potential for an attacker to deny our commitment in very limited circumstances and for very few users, but this has already been corrected,” President Stephen Hall wrote in an email.