Mega Sharehoster: Security researchers actually decrypt protected data

Security researchers from ETH (Swiss Federal Institute of Technology) in Zurich have discovered errors in the end-to-end encryption of the Mega stock hoster. By exploiting the vulnerabilities, the operator or attacker could, under certain conditions, view encrypted files.

In reality, end-to-end encryption should ensure that only the rightful owner can decrypt his files. Neither can the operator read the plaintext via its infrastructure, and even attackers are blocked, if the necessary cryptographic operations are implemented correctly.

On one website, security researchers claim that this is not the case with Mega. The bug lies in a problematic cryptographic implementation. In a statement, Mega claims that it has at least partially solved the problem. More patches will follow. There have been no such attacks so far.

Security researchers confirm that, for example, access to the private key is no longer possible using their method. According to them, however, suboptimal implementation remains, and the further attacks they have outlined could come through other avenues.

The mega-client derives the authentication and encryption keys from the user’s password. Among other things, the encryption key encrypts other keys, such as for the chat function and file access. To ensure access from multiple devices, the private key is encrypted on the mega servers.

Since the keys have no integrity protection, the security researchers said they intervened in a manipulative way. This allowed them to draw conclusions about prime numbers when exchanging session ID data. After 512 password login attempts, they were able to rebuild the private key bit by bit using an RSA key recovery attack.

In order to do this, however, you need to provide access to the mega server infrastructure. The operator could theoretically decrypt files or attackers in a man-in-the-middle location.

The operator or attacker could then access the information in the clear. It is also conceivable that attackers could manipulate files stored by users or even foist files infected with malicious code to victims who pass authenticity checks. In their detailed report, security researchers explain other attacks and outline possible attack scenarios.

(of the)

To the home page

About the author


Leave a Comment