Security researchers at ETH (Swiss Federal Institute of Technology) in Zurich have uncovered errors in the end-to-end encryption of the Mega sharing host. By exploiting vulnerabilities, an operator or attacker can, under certain circumstances, view encrypted files.
In fact, end-to-end encryption between the parties should ensure that only the rightful owner can decrypt their files. The operator cannot read plaintext across its infrastructure and attackers are also blocked – if the necessary encryption processes are implemented correctly.
The problem has been resolved. But only temporarily?
On a website, security researchers stated that this is not the case with Mega. The error was found in the implementation of problematic encryption. In a statement, Mega stated that it was able to at least partially solve the problem. More spots to follow. So far, no such attacks have occurred.
Security researchers, for example, assert that the private key can no longer be accessed using their method. However, in their opinion, the implementation is still not optimal, and the additional attacks that they have identified could occur via other methods.
the problems
The massive client derives the keys for authentication and encryption from the user’s password. Among other things, the encryption key encrypts other keys, for example for chat functionality and file access. To ensure access from multiple devices, the private key is encrypted on massive servers.
Since the keys do not have safety protection, the security researchers said that they intervened fraudulently. This enabled them to draw conclusions about prime numbers in the context of exchanging data for the session identifier. After 512 login attempts with the password, they were able to rebuild the private key bit by bit using an RSA key recovery attack.
In order to be able to do this, you must provide access to the massive server infrastructure. The operator could theoretically decrypt the files or attackers in man-in-the-middle mode.
More attacks
Thus the operator or attacker can access the information in plain text. It is also conceivable that attackers can tamper with files stored by users or even send files infected with malicious code to victims who pass reliability checks. In their detailed report, the security researchers explained other attacks and identified potential attack scenarios.
(From)
