Scientists from the Swiss Higher Technical School of Zurich ETH Zurich have identified several critical vulnerabilities in the MEGA cloud storage service that can be used to violate the confidentiality and integrity of user data.
In a document titled “MEGA: Flexible Encryption Goes Awry,” the researchers noted that the MEGA system does not protect its users and allows a cybercriminal to gain access to downloaded files. “An attacker can inject malicious files that pass all client authentication checks”, — said the experts of ETH Zurich.
MEGA users are at risk of cracking the RSA key, which allows an attacker to reveal the user’s private RSA key by faking 512 login attempts, and decrypt the stored content.
“After logging in, shared folders, MEGAdrop files and chats can be decrypted. Files on the cloud disk can be decrypted at subsequent logins”, — said the chief architect of MEGA Mathias Ortmann,
The recovered RSA key can then be extended for subsequent attacks to perform the following actions:
- Decrypt all messages and user files;
- Insert arbitrary files into the user’s storage;
- Fake a file name to place it in the victim’s cloud;
- Decrypt the RSA used by the MEGA platform to encrypt the user’s data and the data he shared.
“Vulnerabilities can be exploited if a cybercriminal has imperceptibly compromised MEGA’s API servers or TLS connections. An attacker can upload arbitrary data and decrypt all the victim’s files and messages”– Ortmann noted.
According to MEGA, no compromised accounts were reported to the service. The platform also promised to fix bugs in the next release.