Submit the keyword or topic you are searching for

  1. Home
  2. Technology
  3. Several top E2EE cloud storage providers have serious security flaws
Technology

Several top E2EE cloud storage providers have serious security flaws

Some providers acknowledged the findings.

featured-image

Some providers offering end-to-end encryption (E2EE) are largely operating a broken ecosystem which could, in very realistic theory, allow threat actors to tamper with the files in a way that should not be possible, experts have claimed. In an in-depth analysis, recently published on the brokencloudstorage.info website, cybersecurity researchers Jonas Hofmann and Kien Tuong Truong from ETF Zurich noted if a threat actor compromises a company server, they can “inject files, tamper with file data, and even gain direct access to plaintext.

" During their research, the two experts analyzed five major providers in the field - Sync, pCloud, Icedrive, Seafile, and Tresorit, concluding, “many of our attacks affect multiple providers in the same way, revealing common failure patterns in independent cryptographic designs." Nation-state targets On Sync and pCloud, a compromised server could be abused to break the confidentiality of uploaded files, inject files, and tamper with their content, while for Seafile such a server could be used to speed-up brute-force attacks, inject files, and tamper with the content. For Icedrive, hackers could use a compromised server to break the integrity of uploaded files, inject files, and tamper with their content, while for Tresorid, a broken server could be used to present non-authentic keys, when sharing files.



Crooks would also be able to tamper with some metadata in the storage. The researchers stress that this doesn’t mean that the service providers are malicious, but that these flaws make them a major target for threat actors. More importantly - nation-state threat actors.

They also added that compromising a server belonging to an E2EE cloud storage provider isn’t as far-fetched as it may seem at first. In fact, they argue it’s the “most realistic” adversary model for E2EE cloud storage. The majority of the service providers mentioned in the report - Sync, Seafile, and Tresorit, were said to have acknowledged the report.

Icedrive is yet to address the issue, while there are no reports for pCloud just yet..

My Protein Germany

Myprotein UK

Menkind UK

Top News

Scheduled Power Maintenance on 22nd October 2024: Affected Areas

Residents and businesses in various regions across Nairobi, ...

PM Marape returns from Indonesia’s President Inauguration

Vancouver Indigenous Fashion Week Returns

4 killed, 24 injured in Israeli airstrike near hospital in Beirut: Lebanon

Related Posts

post-thumbnail
Technology

Baidu CEO: 99% of AI companies won't survive bubble burst

post-thumbnail
Technology

Scammers cloned billionaire Sunil Mittal's voice with AI to con his executive: Report

post-thumbnail
Technology

On X, the definition of ‘blocking’ is about to change

post-thumbnail
Technology

MemeFi Redeem Codes For October 22: Win Free Coins, Unlock Rewards. Try These Secret Codes Today

post-thumbnail
Technology

China Telecom's next 150,000 servers will mostly use local processors

post-thumbnail
Technology

IBM Comes With New AI Models for Businesses To Rival Google And Microsoft

post-thumbnail
Technology

5 Best Adventure Bikes In India Under Rs 3 lakh - Yezdi Adventure, Himalayan 450, Xpulse 200 4V

post-thumbnail
Technology

Garena Free Fire Max Codes For October 22: Unlock Exciting Loot Boxes, Cool Custom Skins, More Rewards. Here’s How