Millions of users relying on end-to-end encrypted (E2EE) cloud storage platforms may be at risk due to security vulnerabilities. According to new research by analysts from ETH Zurich, E2EE storage services including Sync, pCloud, Icedrive, Seafile and Tresorit contain several cryptographic flaws that could allow threat actors to illegally access customer information. Researchers Jonas Hofmann and Kien Tuong Truong also emphasised that the vulnerabilities they discovered in these platforms, which collectively serve over 22m users, are common across other such sites and reflect broader security failings in the storage service market.
“The vulnerabilities pervading E2EE cloud storage highlight a critical blind spot in our grasp of the field,” wrote Truong and Hofmann. “Our findings strongly suggest that, in its current stage, the ecosystem of E2EE cloud storage is largely broken and requires significant reevaluation of its foundations.”
Broader challenges in E2EE cloud storage
Cloud storage services like Google Drive, Dropbox, and OneDrive are widely recognised but do not provide end-to-end encryption, allowing providers access to stored data. E2EE cloud storage aims to give users control over their data using cryptographic techniques while offering affordable storage options. However, Truong and Hofmann referenced previous studies on platforms like MEGA and NextCloud demonstrating that even established E2EE providers face cryptographic vulnerabilities, highlighting the complexities of developing fully secure solutions.
The duo based their study on a threat model wherein an attacker controls a malicious server capable of reading, modifying, and injecting data. Hofmann and Truong indicated that this scenario is plausible for nation-state actors and sophisticated hackers. Their analysis revealed that several of these vulnerabilities contradict the platforms’ marketing claims, potentially misleading customers about their data security.
Hofmann and Truong discovered vulnerabilities across all five platforms, enabling malicious actors to inject files, tamper with data, or gain unauthorised access to user information. Specifically, Sync’s issues include unauthenticated key material, which allows attackers to insert their own encryption keys.
Also in Sync, the absence of public key authentication in file sharing exposes shared files to decryption, while shared links compromise user confidentiality by exposing passwords to the server. Attackers can also manipulate file names and folders, making injected files appear user-uploaded, said the researchers.
Regarding pCloud, the researchers found that unauthenticated key material allows attackers to overwrite private keys and encrypt files with their own versions. Public keys remain unauthenticated, granting attackers access to encrypted files. They further noted that attackers can inject files, manipulate metadata, and reorder or delete file chunks due to inadequate authentication measures.
Icedrive’s use of unauthenticated Cipher Block Chaining (CBC) encryption allows attackers to tamper with file contents. Hofmann and Truong highlighted that file names can be truncated or modified, and attackers can manipulate file segments due to a lack of authentication in chunking processes.
Seafile also exhibited vulnerabilities, such as protocol downgrades that facilitate the brute-forcing of passwords. The researchers noted that unauthenticated CBC encryption permits data tampering, while unauthenticated chunking allows manipulation of file segments. Additionally, unsecured file names and locations leave users vulnerable to server-based file and folder injections.
Although Tresorit was also affected, the researchers stated it performed comparatively better. They explained that its public key authentication relies on server-controlled certificates, which attackers can replace to access shared files. Metadata manipulation remains possible, allowing attackers to alter file creation details and potentially mislead users. However, they noted that Tresorit’s vulnerabilities do not directly expose file contents, making them less severe than those of other platforms.
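The chunk reordering and deletion described above for pCloud, Icedrive and Seafile follows from authenticating each chunk in isolation. The sketch below is an added example, not code from the researchers or any of the platforms: it compares that layout with tags bound to file ID, position and chunk count. All names, the key and the sample chunks are constructed, and the chunks stand in for ciphertext (encryption is omitted).

```python
import hashlib
import hmac

KEY = bytes(range(32))  # constructed MAC key; a real client derives it from the user's secret

def _tag(key, *fields):
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        mac.update(len(f).to_bytes(8, "big") + f)
    return mac.digest()

def _n(i): return i.to_bytes(8, "big")

def seal_isolated(key, chunks):
    """Weak layout: every chunk carries a valid tag, but nothing ties it to a position."""
    return [(c, _tag(key, c)) for c in chunks]

def open_isolated(key, stored):
    for c, t in stored:
        if not hmac.compare_digest(t, _tag(key, c)):
            raise ValueError("chunk tag mismatch")
    return b"".join(c for c, _ in stored)

def seal_bound(key, file_id, chunks):
    """Hardened layout: chunk tags bind file ID and index; a manifest tag binds the count."""
    manifest = _tag(key, b"manifest", file_id, _n(len(chunks)))
    return manifest, [(c, _tag(key, b"chunk", file_id, _n(i), c)) for i, c in enumerate(chunks)]

def open_bound(key, file_id, manifest, stored):
    if not hmac.compare_digest(manifest, _tag(key, b"manifest", file_id, _n(len(stored)))):
        raise ValueError("chunk count does not match manifest")
    for i, (c, t) in enumerate(stored):
        if not hmac.compare_digest(t, _tag(key, b"chunk", file_id, _n(i), c)):
            raise ValueError(f"chunk {i} failed authentication")
    return b"".join(c for c, _ in stored)

def rejected(opener, *args):
    """True if the client refuses what the server returned."""
    try:
        opener(*args)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    chunks = [b"pay ", b"alice ", b"100"]  # constructed sample chunks
    weak = seal_isolated(KEY, chunks)
    print(open_isolated(KEY, [weak[1], weak[0], weak[2]]))  # reordered, still accepted
    m, s = seal_bound(KEY, b"file-A", chunks)
    print(rejected(open_bound, KEY, b"file-A", m, [s[1], s[0], s[2]]))
```

The manifest tag matters for truncation: without it, dropping trailing chunks leaves every remaining per-chunk tag valid.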