Severity
High
Analysis Summary
Researchers have found serious cryptographic flaws in several end-to-end encrypted (E2EE) cloud storage services that could be exploited to steal sensitive user data.
The severity of the vulnerabilities varies: in many cases a malicious server can inject files, tamper with file contents, or even obtain direct access to plaintext. Notably, a large number of the attacks had identical effects across multiple providers, exposing similar failure patterns in independently designed cryptographic schemes. The flaws were found in an analysis of five prominent providers: Sync, pCloud, Icedrive, Seafile, and Tresorit.
All of the attacks assume a malicious server controlled by the adversary (for example, a compromised or coerced provider), which is then used to target that provider's customers. The vulnerabilities found in each service are summarised below:
- Sync: a malicious server can inject files, tamper with their content, and breach the confidentiality of uploaded files.
- pCloud: a malicious server can inject files, tamper with their content, and breach the confidentiality of uploaded files.
- Seafile: a malicious server can speed up brute-forcing of user passwords, and can inject files and tamper with their content.
- Icedrive: a malicious server can inject files, tamper with their content, and break the integrity of uploaded files.
- Tresorit: a malicious server can present non-authentic keys when files are shared, and can tamper with some storage metadata.
The attacks fall into ten broad categories. Between them they allow insertion of arbitrary files, tampering with file contents and metadata, and breaches of confidentiality:
- Unauthenticated user key material, allowing the server to substitute keys (Sync and pCloud)
- Utilizing public keys without authentication (Sync and Tresorit)
- Downgrading the encryption protocol (Seafile)
- Risky link sharing (Sync)
- Use of CBC and other unauthenticated encryption methods (Icedrive and Seafile)
- File chunking without authentication (Seafile and pCloud)
- Changing the locations and names of files (Sync, pCloud, Seafile, and Icedrive)
- Modification of file metadata (affecting all five providers)
- Injection of folders into the user's storage with the combination of a sharing mechanism quirk and a metadata-editing attack (Sync)
- Malicious files being injected into a user's storage (pCloud)
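Two of the categories above, unauthenticated encryption and file chunking without authentication, are easiest to understand by watching a malicious server exercise them. The following is an added example written for this advisory, not code from the study or from any of the five providers. It uses a toy stream cipher built from HMAC-SHA256 as a stand-in for a real cipher such as AES-CTR so it runs with the Python standard library alone; the file id, chunk contents and the "server" tampering steps are all constructed for the illustration. Scheme A encrypts without any integrity check, Scheme B adds a per-chunk MAC that is not bound to the chunk's position, and Scheme C binds each tag to the file id, chunk index and chunk count. Only Scheme C rejects both bit-flipping and chunk reordering, which is the property a client must not delegate to the server.

```python
import hmac
import hashlib
import os
import struct
from typing import List

# Toy stream cipher for illustration only: keystream block j = HMAC-SHA256(key, nonce || j).
# It stands in for AES-CTR so the example needs nothing outside the standard library.
def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for j in range(0, len(data), 32):
        ks = hmac.new(key, nonce + struct.pack(">Q", j // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[j:j + 32], ks))
    return bytes(out)

def _subkey(master: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one client-held master key.
    return hmac.new(master, label, hashlib.sha256).digest()

def _tag(mac_key: bytes, *parts: bytes) -> bytes:
    # Length-prefix every field so that (a || b) cannot be confused with (a' || b').
    h = hmac.new(mac_key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(struct.pack(">I", len(p)) + p)
    return h.digest()

# --- Scheme A: confidentiality only, no integrity (the "unauthenticated encryption" failure)
def encrypt_unauth(master: bytes, chunks: List[bytes]) -> List[bytes]:
    ek = _subkey(master, b"enc")
    out = []
    for pt in chunks:
        nonce = os.urandom(16)          # per-chunk nonce, so chunks are position-independent
        out.append(nonce + _xor_keystream(ek, nonce, pt))
    return out

def decrypt_unauth(master: bytes, stored: List[bytes]) -> List[bytes]:
    ek = _subkey(master, b"enc")
    return [_xor_keystream(ek, c[:16], c[16:]) for c in stored]

# --- Scheme B: per-chunk MAC that does not say which chunk of which file this is ------------
def encrypt_chunk_mac(master: bytes, chunks: List[bytes]) -> List[bytes]:
    ek, mk = _subkey(master, b"enc"), _subkey(master, b"mac")
    out = []
    for pt in chunks:
        nonce = os.urandom(16)
        ct = _xor_keystream(ek, nonce, pt)
        out.append(nonce + ct + _tag(mk, nonce, ct))
    return out

def decrypt_chunk_mac(master: bytes, stored: List[bytes]) -> List[bytes]:
    ek, mk = _subkey(master, b"enc"), _subkey(master, b"mac")
    plain = []
    for c in stored:
        nonce, ct, tag = c[:16], c[16:-32], c[-32:]
        if not hmac.compare_digest(tag, _tag(mk, nonce, ct)):
            raise ValueError("chunk tampered")
        plain.append(_xor_keystream(ek, nonce, ct))
    return plain

# --- Scheme C: tag binds file id, chunk index and total chunk count --------------------------
def encrypt_bound(master: bytes, file_id: bytes, chunks: List[bytes]) -> List[bytes]:
    ek, mk = _subkey(master, b"enc"), _subkey(master, b"mac")
    total = struct.pack(">I", len(chunks))
    out = []
    for i, pt in enumerate(chunks):
        nonce = os.urandom(16)
        ct = _xor_keystream(ek, nonce, pt)
        out.append(nonce + ct + _tag(mk, file_id, struct.pack(">I", i), total, nonce, ct))
    return out

def decrypt_bound(master: bytes, file_id: bytes, stored: List[bytes]) -> List[bytes]:
    ek, mk = _subkey(master, b"enc"), _subkey(master, b"mac")
    total = struct.pack(">I", len(stored))   # a truncated or padded file changes every tag
    plain = []
    for i, c in enumerate(stored):
        nonce, ct, tag = c[:16], c[16:-32], c[-32:]
        expect = _tag(mk, file_id, struct.pack(">I", i), total, nonce, ct)
        if not hmac.compare_digest(tag, expect):
            raise ValueError(f"chunk {i} tampered, moved or truncated")
        plain.append(_xor_keystream(ek, nonce, ct))
    return plain

# --- What a malicious server can do to the stored ciphertext (constructed for this example) --
def server_flip_bit(stored: List[bytes], chunk: int, offset: int, mask: int) -> List[bytes]:
    c = bytearray(stored[chunk])
    c[16 + offset] ^= mask                 # skip the 16-byte nonce, flip a ciphertext bit
    return stored[:chunk] + [bytes(c)] + stored[chunk + 1:]

def server_swap(stored: List[bytes], i: int, j: int) -> List[bytes]:
    s = list(stored)
    s[i], s[j] = s[j], s[i]
    return s

def demo() -> dict:
    master = os.urandom(32)
    chunks = [b"amount: 100 USD ", b"payee: alice    "]   # constructed sample file
    results = {}
    # A: flipping ciphertext bit 0x08 of the '1' turns it into '9'; the client never notices.
    results["unauth_flip"] = decrypt_unauth(master, server_flip_bit(encrypt_unauth(master, chunks), 0, 8, 0x08))[0]
    # B: each chunk verifies on its own, so the swapped order is accepted as genuine.
    results["chunkmac_swap"] = decrypt_chunk_mac(master, server_swap(encrypt_chunk_mac(master, chunks), 0, 1))
    # C: the index is part of the tag, so the swap is rejected.
    try:
        decrypt_bound(master, b"file-42", server_swap(encrypt_bound(master, b"file-42", chunks), 0, 1))
        results["bound_swap"] = "accepted"
    except ValueError:
        results["bound_swap"] = "rejected"
    return results
```

The position-bound tag also makes moving a chunk between files (different `file_id`) and truncating a file (different `total`) fail verification, which the per-chunk MAC in Scheme B does not. In a real client the same job is done by an AEAD such as AES-GCM or XChaCha20-Poly1305 with the file id, index and count passed as associated data; the structure of what must be authenticated is the same.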
The researchers said, “Not all of our attacks are sophisticated in nature, which means that they are within reach of attackers who are not necessarily skilled in cryptography. Indeed, our attacks are highly practical and can be carried out without significant resources.”
The researchers further note that E2EE cloud storage as deployed in practice fails at a trivial level and usually does not require sophisticated cryptanalysis to break, even though some of the individual attacks are not new from a cryptographic standpoint. Following responsible disclosure in late April 2024, Sync, Seafile, and Tresorit acknowledged the findings, while Icedrive declined to address the flaws reported to it.
Impact
- Sensitive Data Theft
- Unauthorized Access
- Information Exposure
Remediation
- Organizations using any of the affected services should check with the vendor whether fixes for the reported issues have shipped and apply them as soon as they are available; where a vendor has declined to fix an issue, assess the exposure and consider compensating controls such as encrypting sensitive files with an independent tool before upload.
- Implement multi-factor authentication to add an extra layer of security to login processes. Note that MFA protects the account login and does not defend against the malicious-server model used in these attacks.
- Regularly monitor for unusual behavior, such as unexpected files or folders appearing in shared storage, as this may indicate that an attack is underway.
- Organizations must stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
- Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
- Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
- Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
- Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
- Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
- Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.