No one can deny the convenience of cloud file-storage services like Dropbox or OneDrive. The one drawback is that cybercriminals, intelligence agencies, or the hosting provider itself can view your cloud-based files without authorization. But there\u2019s a more secure alternative: encrypted cloud file-storage. Some call it end-to-end encryption (E2EE) \u2014 similar to Signal and WhatsApp. According to the marketing blurb, files are encrypted on your device and sent to the cloud already in secure form \u2014 the encryption key remaining in your possession and no one else\u2019s. Not even the provider can sniff this information. But is that really the case?<\/p>\n
The Applied Cryptography Group at ETH Zurich took apart<\/a> the algorithms of five popular encrypted storage services: Sync.com, pCloud, Icedrive, Seafile, and Tresorit. In each of them, the researchers found errors in the implementation of encryption allowing, to varying degrees, file manipulation, and even access to fragments of unencrypted data. Earlier, they\u2019d discovered flaws in two other popular hosting services \u2014 \u00a0MEGA<\/a> and Nextcloud<\/a>.<\/p>\n In all cases, attacks are carried out from a malicious server. The scenario is as follows: the intruders either hack the encrypted hosting servers, or, by manipulating routers along the client-to-server path, force the victim\u2019s computer to connect to another server mimicking the genuine encrypted hosting server. If this tricky maneuver succeeds, the attackers can theoretically:<\/p>\n The malicious server in each case is a hard-to-implement but not blue-sky component of the attack. In light of the cyberattacks on Microsoft<\/a> and Twilio<\/a>, the possibility of compromising a major player is real. And of course, E2EE by definition needs to be resistant to malicious server-side actions.<\/p>\n Without going into technical details, we note that the developers of all the services seem to have implemented bona fide E2EE and used recognized, strong algorithms like AES and RSA. But file encryption creates a lot of technical difficulties when it comes to document collaboration and co-authoring. The tasks required to overcome these difficulties and factor in all possible attacks involving modified encryption keys remain unsolved, but Tresorit has done a far better job than anyone else.<\/p>\n The researchers point out that the developers of the various services made very similar errors independently of each other. This means that the implementation of encrypted cloud storage is fraught with non-trivial cryptographic nuances. What\u2019s needed is a well-developed protocol thoroughly tested by the cryptographic community \u2014 such as TLS for websites or the Signal Protocol for instant messengers.<\/p>\n The biggest problem with fixing the identified bugs is that not only do the applications and server software need updating, but also, in many cases, user-saved files need re-encrypting. Not every hosting provider can afford these huge computational outlays. What\u2019s more, re-encryption is only possible in cooperation with each user \u2014 not unilaterally. Which is probably why fixes are slow in coming:<\/a><\/p>\n Although the issues identified by the Applied Cryptography Group cannot be called purely theoretical, they do not represent a mass threat readily exploitable by cybercriminals. Therefore, hasty action isn\u2019t required; rather \u2014 a sober assessment of your situation is needed:<\/p>\n If collaboration isn\u2019t important, while the data stored is critical, the best option is to switch to local file encryption. You can do this in a variety of ways \u2014 for example, by storing data in an encrypted container file or an archive with a strong password. If you need to transfer data to another device, you can upload an already encrypted archive to the cloud hosting service.<\/p>\n If you want to combine collaboration and convenience with proper security guarantees, and the amount of stored data isn\u2019t that great, it\u2019s worth moving the data to one of the services that better withstood ETH Zurich\u2019s testing. That means Tresorit first and foremost, but don\u2019t discount MEGA and Nextcloud.<\/p>\n If none of these solutions fits the bill, you can opt for other encrypted hosting services, but with additional precautions: avoid storing highly sensitive data, promptly update client applications, regularly check your cloud drives, and delete outdated or extraneous information.<\/p>\n\n
Costly fixes<\/h2>\n
\n
What users need to do<\/h2>\n
\n