Mega isn't that secure: 5 ways to break through its encryption

Mega isn't that secure: 5 ways to break through its encryption

Mega isn't that secure

Surely many of you will know Mega, a New Zealand file sharing company founded by Kim Dotcom. One of the most heralded strengths is the fact of offering a "privacy by design", where the cryptographic keys are directly controlled by the user, so that only he will be able to access the files, even if the main system is requisitioned. by law enforcement agencies.

However, this does not seem to be exactly true, given that the cryptographic experts of the ETH Zurich recently published a document in which they explain five possible attacks that could be carried out by potential malicious actors to compromise the confidentiality of stored files. The PDF, titled "Mega: Malleable Encryption Goes Awry", highlights "significant deficiencies in Mega's cryptographic architecture."

Mathias Ortmann, Mega's chief architect, published a blog post in which he announced that three of the five bugs found by the researchers have been fixed via an update, while more mitigations will arrive in the future. Specifically, he stated that Mega intends to release a client fix for attack number four and remove the legacy code that allows for attack number five.




The first two attacks exploit the lack of integrity protection of the ciphers containing the keys (hereinafter referred to as key ciphers) and allow to completely compromise all user keys encrypted with the master key, leading to a complete breakdown of data confidentiality in the MEGA system. The next two attacks breach the integrity of encrypted files and allow a malicious service provider to place chosen files into users' cloud storage. The latest attack is a Bleichenbacher-type attack against MEGA's RSA encryption mechanism.

In practice, the main problem is that the method used by Mega to derive the various cryptographic keys used to authenticate and encrypt the file does not check the integrity of the keys: an attacker can then tamper with the RSA private key and leak information.

Kenneth Paterson, part of the group of researchers who discovered the vulnerabilities, expressed on Twitter the very disappointed that the company has not committed to a complete overhaul of its approach, but has limited itself to correcting the problems, as its encryption is "quite fragile".





Mega isn - Bing News

Big jackpots are available for Satruday's Powerball and Tuesday's Mega Millions drawings. They have a combined jackpot over $500 million ...


The Sega Mega Drive - known as the Genesis in the US - pushed Sega into its golden era in terms of both games and hardware. It boldly claimed that “Genesis does what Nintendon’t”, and while that’s ...