Economy

Sharehoster Mega: Security researchers actually decrypt protected data

by
Sharehoster Mega: Security researchers actually decrypt protected data

Security researchers at ETH (Swiss Federal Institute of Technology) in Zurich have uncovered flaws in the end-to-end encryption of share hoster Mega. By taking advantage of the vulnerabilities, operators or attackers can view encrypted files under certain conditions.

Indeed, end-to-end encryption must guarantee that only the rightful owner can decrypt their files. Neither operator can read through its infrastructure in plain text and attackers are also turned off – if the required cryptographic operations are implemented correctly.

problem solved. But only temporarily?

Security researchers explain on a websiteNot so with the Mega. The bug is found in a problematic cryptography implementation. In a statement, Mega StatesTo at least partially solve the problem. More patches to follow. There have been no such attacks so far.

Security researchers confirm that, for example, it is no longer possible to access private keys using their method. According to him, however, the non-optimal implementation remains and further attacks may be profiled through other routes.

The mega-client receives authentication and encryption keys from the user’s password. Among other things, the encryption key encrypts other keys, for example for chat functions and file access. To ensure access from multiple devices, the private key is encoded on the MEGA server.

Since the keys have no integrity protection, security researchers said they intervened in a manipulative manner. This enabled them to draw conclusions about prime numbers during the data exchange of session IDs. After 512 login attempts with the password, they were able to reconstruct the private key bit by bit using an RSA key recovery attack.

READ  Data from VW, Tesla, Renault: long-lasting electric car batteries > teslamag.de

However, to be able to do so, access to the mega server infrastructure must be provided. The operator could theoretically decrypt files or attackers in a man-in-the-middle situation.

Therefore operators or attackers can access the information in plain text. It is also conceivable that attackers could manipulate files stored by users or even impose files infected with malicious code on victims that pass authenticity checks. In their detailed report, security researchers explain other attacks and describe possible attack scenarios.,


(of)

on home page

0
Thalia Vaughn
Written By
More from Thalia Vaughn
Tesla launched its Model 3. ended the golf era with
yu u illu lpl ple zuuelp-butel np evel 6lepu payolheupwell: blep lpl...
Read More

You may also like

t3n - Digital Pioneer | magazine for digital business
t3n – Digital Pioneer | magazine for digital business
Aus Angst vor Rot-Rot-Grün: Deutsche Millionäre flüchten mit ihrem Vermögen in die Schweiz
German millionaire flees to Switzerland with his fortune – RT DE
Discounter offers hybrid meat at all branches
Discounter offers hybrid meat at all branches
Leave a comment

Your email address will not be published. Required fields are marked *