Researchers from ETH Zurich have discovered significant security vulnerabilities in several widely used end-to-end encrypted (E2EE) cloud storage services.
Cryptographic flaws could allow attackers to bypass encryption, compromise file confidentiality, manipulate data, or even insert unauthorized files into users’ storage.
The study analyzed five E2EE cloud storage providers – Sync, pCloud, Seafile, Icedrive and Tresorit – which together serve an estimated 22 million users worldwide. Each of the services promises robust encryption to protect files from unauthorized access, even by the service provider.
However, researchers Jonas Hofmann and Kien Tuong Truong found that four of the five had serious flaws that could weaken protection. Their findings, which were presented at the ACM Conference on Computer and Communications Security (CCS), highlight potential gaps in the promises of E2EE security providers.
Tresorit excels, but it is not flawless
Of the services tested, Tresorit demonstrated the fewest vulnerabilities, with only a small risk of metadata manipulation and non-authentic keys during file sharing. Although these issues are less serious, they can still pose risks in certain scenarios. In contrast, the other four services revealed more significant security gaps, increasing the chance of data disclosure or tampering.
Key vulnerabilities and real threats to E2EE
To evaluate the strength of E2EE security, the researchers tested ten different attack scenarios, assuming that an attacker has already gained control of the cloud server with permission to read, modify, or insert data. Although this level of access is unlikely, the study argues that E2EE should be effective under such conditions. Some notable vulnerabilities are:
- Unauthenticated key material: Both Sync and pCloud were found to have unauthenticated encryption keys, allowing attackers to inject their own keys, decrypt files, and access sensitive data.
- Public Key Substitution: Sync and Tresorit were vulnerable to unauthorized key substitution during file sharing, allowing attackers to intercept or modify files.
- Protocol Downgrade Attack: The protocols used by Seafile allowed for downgrades to weaker encryption standards, making it more vulnerable to brute force attacks.
Other risks were identified in Icedrive and Seafile, which used unverified encryption modes, allowing attackers to modify and corrupt file contents. In addition, vulnerabilities in the “sharding” process across multiple services could compromise the integrity of files by allowing attackers to reorder, delete, or modify portions of files.
The provider provides answers and next steps
In April 2024, the researchers shared their findings with Sync, pCloud, Seafile and Icedrive, followed by Tresorit in September. Responses have varied, Sync and pCloud have yet to respond, Seafile is preparing to fix the protocol downgrade issue, and Icedrive is evolving to address these concerns. The Treasury Department confirmed the receipt but declined to comment further.
According to a recent BleepingComputer Sync said these are “quick fixes” and have already addressed some documented data leakage issues using file sharing links.
ETH Zurich researchers believe that these security flaws are common across many E2EE cloud storage platforms, underscoring the need for further investigation and a standardized protocol to ensure secure encryption in the industry.
(Image by Roman)
See also: Why companies continue to struggle with cloud visibility—and code vulnerabilities
Want to learn more about cybersecurity and the cloud from industry leaders? Check out the Cyber Security & Cloud Expo in Amsterdam, California and London. Explore other upcoming enterprise technology events and webinars powered by TechForge here.