Researchers Discover Ways To Break Encryption Of “MEGA” Cloud Storage Service

A new study by academics from ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be exploited to break the confidentiality and integrity of user data.

In an article titled “MEGA: Malleable Encryption Goes Wrong“, the researchers point out that MEGA’s system does not protect its users against a malicious server, thus allowing a malicious actor to fully compromise the confidentiality of the downloaded files.

“Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choosing that pass all customer authenticity checks,” said Matilda Backendal, Miro Haller, and Kenneth G. Paterson of ETH Zurich in an analysis. of the cryptographic architecture of the service.


MEGA, who advertises itself as a “privacy company” and claims to provide user-controlled end-to-end encrypted cloud storage, has over 10 million daily active users, with over 122 billion files uploaded to the platform to date.

cyber security

The main weakness is a RSA Key Recovery Attack which allows MEGA (itself acting maliciously) or a resourceful nation-state adversary controlling its API infrastructure to recover a user’s RSA private key by forging 512 login attempts and decrypting the stored content.

“Once a targeted account had made enough successful logins, incoming shared folders, files, and MEGAdrop chats could have been decryptable,” said Mathias Ortmann, Chief Architect of MEGA, said in response to findings. “Files in the cloud drive could have been successively decrypted during subsequent connections.”

MEGA cloud storage service

The recovered RSA key can then be expanded to make room for four more attacks –

  • Plaintext scavenging attackwhich allows MEGA to decrypt node keys – an encryption key associated with each uploaded file that is encrypted with a user’s master key – and use them to decrypt all user communications and files .
  • Framing attackin which MEGA may insert arbitrary files into the user’s file storage which are indistinguishable from those actually downloaded.
  • Integrity Attacka less stealthy variant of Framing Attack that can be exploited to forge a file in the victim’s name and place it in the target’s cloud storage, and

“Each user has a public RSA key used by other users or MEGA to encrypt owner data, and a private key used by the user themselves to decrypt data shared with them,” explained Researchers. “With that [GaP Bleichenbacher attack]MEGA can decrypt these RSA ciphertexts, although it requires an impractical number of login attempts.”

In a nutshell, attacks could be weaponized by MEGA or any entity controlling its core infrastructure to download similar files and decrypt all files and folders owned or shared with the victim as well as chat messages exchanged.

cyber security

The shortcomings are serious because they undermine MEGA’s supposed security safeguards, prompting the company to release updates to address the first three of five issues. The fourth Integrity Violation vulnerability is expected to be addressed in a future release.

Regarding the Bleichenbacher-type attack against MEGA’s RSA encryption mechanism, the company noted that the attack is “difficult to perform in practice as it would require approximately 122,000 customer interactions on average” and that it would remove legacy code from all of its clients.

MEGA further emphasized that it is not aware of any user accounts that may have been compromised by the aforementioned attack methods.

“The reported vulnerabilities would have caused MEGA to become a bad actor against some of its users, or could only have been exploited if another party compromised MEGA’s API servers or TLS connections unnoticed,” Ortmann pointed out.

“Attacks […] result from unexpected interactions between seemingly unrelated components of MEGA’s cryptographic architecture,” the researchers explained. “They allude to the difficulty of maintaining large-scale systems using cryptography, especially when the system has a scalable set of features and is deployed across multiple platforms. “

“The attacks presented here show that it is possible for a motivated party to find and exploit vulnerabilities in real-world cryptographic architectures, with devastating security results. It is conceivable that systems in this category attract adversaries who are willing to invest significant resources in compromising the service itself, increasing the plausibility of high complexity attacks. »

We would love to thank the author of this short article for this awesome web content

Researchers Discover Ways To Break Encryption Of “MEGA” Cloud Storage Service

You can view our social media profiles here , as well as other pages on related topics here.