Mega Says it Can’t Decrypt Your Files. New POC Exploit Shows Otherwise

upnorth

In the decade since larger-than-life character Kim Dotcom founded Mega, the cloud storage service has amassed 250 million registered users and stores a whopping 120 billion files that take up more than 1,000 petabytes of storage. A key selling point that has helped fuel the growth is an extraordinary promise that no top-tier Mega competitors make: Not even Mega can decrypt the data it stores.

On the company's homepage, for instance, Mega displays an image that compares its offerings to Dropbox and Google Drive. In addition to noting Mega's lower prices, the comparison emphasizes that Mega offers end-to-end encryption, whereas the other two do not. Over the years, the company has repeatedly reminded the world of this supposed distinction, which is perhaps best summarized in this blog post. In it, the company claims, "As long as you ensure that your password is sufficiently strong and unique, no one will ever be able to access your data on MEGA. Even in the exceptionally improbable event MEGA's entire infrastructure is seized!" (emphasis added). Third-party reviewers have been all too happy to agree and to cite the Mega claim when recommending the service.

Research published on Tuesday shows there's no truth to the claim that Mega, or an entity with control over Mega's infrastructure, is unable to access data stored on the service. The authors say that the architecture Mega uses to encrypt files is riddled with fundamental cryptography flaws that make it trivial for anyone with control of the platform to perform a full key recovery attack on users once they have logged in a sufficient number of times. With that, the malicious party can decipher stored files or even upload incriminating or otherwise malicious files to an account; these files look indistinguishable from genuinely uploaded data.

"We show that MEGA's system does not protect its users against a malicious server and present five distinct attacks, which together allow for a full compromise of the confidentiality of user files," the researchers wrote on a website. "Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choice which pass all authenticity checks of the client. We built proof-of-concept versions of all the attacks, showcasing their practicality and exploitability."

After receiving the researchers' report privately in March, Mega on Tuesday began rolling out an update that makes it harder to perform the attacks. But the researchers warn that the patch provides only an "ad hoc" means for thwarting their key-recovery attack and does not fix the key reuse issue, lack of integrity checks, and other systemic problems they identified. With the researchers' precise key-recovery attack no longer possible, the other exploits described in the research are no longer possible, either, but the lack of a comprehensive fix is a source of concern for them.

"This means that if the preconditions for the other attacks are fulfilled in some different way, they can still be exploited," the researchers wrote in an email. "Hence we do not endorse this patch, but the system will no longer be vulnerable to the exact chain of attacks that we proposed." Mega has published an advisory here. However, the chairman of the service says that he has no plans to revise promises that the company cannot access customer data. "For a short time, there was potential for an attacker to negate our commitment, in very limited circumstances and for a very few users, but that has now been fixed," the chairman, Stephen Hall, wrote in an email.
 

Gandalf_The_Grey

MEGA fixes critical flaws that allowed the decryption of user data

MEGA has released a security update to address a set of severe vulnerabilities that could have exposed user data, even if the data had been stored in encrypted form.

MEGA is a New Zealand-based cloud storage and file hosting service with over 250 million registered users from over two hundred countries. Users have collectively uploaded a massive 120 billion distinct files amounting to 1000 petabytes in size.

One of MEGA's advertised features is that data is end-to-end encrypted, with only the user having access to the decryption key. However, researchers have shown that vulnerabilities in the encryption algorithm allowed them to access users' encrypted data.

The vulnerabilities in MEGA's encryption scheme were discovered by researchers at ETH Zurich, in Switzerland, who reported it to the firm responsibly on March 24, 2022.

While the researchers discovered five possible attacks against user data relying upon an equal number of flaws, they all rely on stealing and deciphering an RSA key.

MEGA is unaware of any compromised user accounts or data by exploiting the discovered flaws. However, this finding creates a dent in the service's data security promises.

MEGA has fixed the two vulnerabilities that can lead to user data decryption on all clients (RSA key recovery and plaintext recovery), mitigated a third one (framing), and plans to address the remaining two of the discovered issues in upcoming updates.

The fixes aren't perfect countermeasures, but they don't impact user experience and don't require users to re-encrypt their stored data, change their password, or create new keys.
 

The_King

I have this now in some of my folders. Old junk files, nothing important, but would have been upset if it was!
Mega.jpg
 

upnorth

Whether this reference to the no-extradition-deal betrayed what was really on Dotcom’s mind is up for debate but whatever the motivation, he’s not letting it go. In a tweet posted yesterday, he again informed his 850K+ followers that the company he founded “is not safe” and people who think that their files are unreadable by Mega are wrong.

Shortly after, Dotcom delivered another message, one even darker in tone. It targeted Mega, the company he co-founded and where his colleagues still work. It’s possible to interpret the tweet in several ways but none seem beneficial to his former colleagues, Mega, or its users. “In addition to security vulnerabilities a comprehensive report about mass copyright infringement on Mega with millions of active links and channels is in the works.” The production of a copyright infringement report related to Mega or Megaupload is something usually associated with Dotcom’s rivals. Back in 2014, a NetNames report did just that and was met with a fiery response from Dotcom’s former company.

In this case, however, Dotcom claims the aim of the new infringement report is to bathe Mega and Megaupload in the same light, to benefit them both. By showing their similarities, the report will demonstrate that “Mega is still like Megaupload, a perfectly legal dual use technology.” Whether technology is indeed the crux of this particular problem is up for debate.

But perhaps the most worrying thing about this new complication in an escalating dispute is its potential to affect the minority of users that actually store infringing files on Mega. Any detailed report of “mass copyright infringement” will draw negative attention directly to them, especially if the report includes active hyperlinks as Dotcom suggests.

Couple that with Dotcom’s allegations that the content of user files can be read, any conclusion that this upcoming infringement report hasn’t been thought through from a user perspective can be easily forgiven. That certainly wasn’t the case when users were invited to join the privacy-focused site when it launched. “Let them look at Mega. There’s nothing to see (because) it’s all encrypted,” Dotcom told Reuters in 2014, scoffing at the prospect of another Hollywood lawsuit.

But even if user files can’t be read in the way Dotcom suggests, a detailed report of live, infringing links on Mega still raises issues for users. When Mega-hosted files are shared publicly, their links carry the necessary information to access the content and those files can be traced right back to user accounts.