Researchers from ETH Zurich have uncovered significant security vulnerabilities in several widely used end-to-end encrypted (E2EE) cloud storage services.
The cryptographic flaws could allow attackers to bypass encryption, compromise file confidentiality, tamper with data, or even inject unauthorised files into users’ storage.
The study analysed five E2EE cloud storage providers—Sync, pCloud, Seafile, Icedrive, and Tresorit—which collectively serve an estimated 22 million users worldwide. Each of the services promises robust encryption to safeguard files from unauthorised access, even by the service provider.
However, researchers Jonas Hofmann and Kien Tuong Truong discovered that four of the five have severe flaws that might weaken protections. Presented at the ACM Conference on Computer and Communications Security (CCS), their findings highlight potential gaps in the E2EE security promises made by providers.
Tresorit stands out but isn’t flawless
Of the services tested, Tresorit demonstrated the fewest vulnerabilities, with only minor risks of metadata tampering and non-authentic keys during file sharing. Although less severe, these issues could still pose risks in certain scenarios. In contrast, the other four services exhibited more substantial security gaps, increasing the chances of data exposure or tampering.
Key vulnerabilities and realistic threats to E2EE
To evaluate the strength of E2EE security, researchers tested ten different attack scenarios, assuming the attacker had already gained control over a cloud server with permissions to read, modify, or inject data. Though this level of access is unlikely, the study contends that E2EE should be effective even under such conditions. Some notable vulnerabilities are:
- Unauthenticated Key Material: Both Sync and pCloud were found to have unauthenticated encryption keys, allowing attackers to insert their own keys, decrypt files, and access sensitive data.
- Public key substitution: Sync and Tresorit were vulnerable to unauthorised key replacement during file sharing, allowing attackers to intercept or change files.
- Protocol downgrade attack: The protocols used by Seafile allowed for a downgrade to weaker encryption standards, making it more vulnerable to brute-force attacks.
Other risks were identified in Icedrive and Seafile, which used unauthenticated encryption modes, allowing attackers to modify and corrupt file contents. Additionally, vulnerabilities in the “chunking” process across multiple services could compromise file integrity by allowing attackers to reorder, remove, or alter file pieces.
Provider provides responses and next steps
In April 2024, the researchers shared their findings with Sync, pCloud, Seafile, and Icedrive, followed by Tresorit in September. Responses varied, with Sync and pCloud yet to respond, Seafile preparing to patch the protocol downgrade issue, and Icedrive declining to address the concerns. Tresorit acknowledged receipt but declined to speak more.
According to a recent BleepingComputer report, Sync indicated that they are “fast-tracking fixes” and have already resolved some of the documented data leak issues with file-sharing links.
ETH Zurich researchers believe these security flaws are common across many E2EE cloud storage platforms, underscoring the need for further investigation and a standardised protocol to ensure secure encryption in the industry.
(Image by Roman)
See also: Why companies continue to struggle with cloud visibility – and code vulnerabilities
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. Explore other upcoming enterprise technology events and webinars powered by TechForge here.
