Summary:
- Significant Security Vulnerabilities: Researchers from ETH Zurich have identified cryptographic flaws in five popular end-to-end encrypted cloud storage services, jeopardizing user data confidentiality and integrity.
- Affected Services: The cloud services studied include Sync, pCloud, Seafile, Icedrive, and Tresorit, which collectively serve around 22 million users. Tresorit exhibited the fewest vulnerabilities.
- Types of Flaws: Four out of the five services had severe vulnerabilities that could allow an attacker, who has compromised a cloud server, to access, tamper with, or inject files, undermining the security provided by end-to-end encryption.
- Response from Providers: Some affected services are actively working on fixes, with Sync "fast-tracking" solutions and Seafile promising to address a protocol downgrade issue in future updates.
- Realistic Threat Model: The study emphasizes that these flaws are a realistic threat for end-to-end encrypted services, as they are designed to protect user files even in the event of server compromise.
Read more at: SC World | Broken Cloud Storage