ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong uncovered significant security flaws in five popular end-to-end encrypted (E2EE) cloud storage providers.
According to their research, Sync, pCloud, Icedrive, Seafile, and Tresorit, which collectively serve over 22 million users and manage billions of files, are vulnerable to a set of security issues that could expose user data to malicious actors.
These services promote their “zero-knowledge encryption,” claiming that only users, not providers, control access to data. However, the research reveals that, in practice, many of these promises are misleading due to flawed implementations.
The analysis was based on the threat model of an attacker controlling a malicious server that can read, modify, and inject data at will, which is realistic for nation-state actors and sophisticated hackers.
In this malicious server setting, where an attacker has complete access to the provider’s infrastructure and can tamper with stored data, four of the five providers exhibited severe cryptographic weaknesses, including poor encryption practices, metadata tampering, and the potential for key manipulation attacks.
[Table: Summary of the providers analysed, with the attacks and leakages that affect them.]
Core Issues Identified:
- Unauthorized Key Manipulation: Sync and pCloud allow attackers to inject unauthorized encryption keys, giving them access to future data uploads. pCloud’s use of weak symmetric encryption also allows adversaries to overwrite user keys with attacker-controlled ones.
- Downgrade Attacks: Seafile allows attackers to downgrade encryption protocols, exposing users to brute-force attacks.
- Link Sharing Flaws: Sync’s link-sharing mechanism sends decryption passwords back to the server, compromising confidentiality.
- File Tampering and Chunk Manipulation: Icedrive, Seafile, and pCloud suffer from weak encryption modes, enabling partial content manipulation and the unauthorized reordering of file chunks.
- Metadata and Directory Manipulation: The providers do not protect metadata cryptographically, enabling attackers to alter timestamps, file names, and storage locations.
Implications and Impact
The study underscores the systemic nature of these vulnerabilities. Even as cloud providers market E2EE solutions as foolproof, the research demonstrates that attackers can bypass protections using practical methods.
These flaws pose a threat not just to individual users but also to government agencies, enterprises, and NGOs relying on these platforms to store sensitive information.
For example, Sync and Nextcloud are used by Canadian government agencies, while Tresorit serves clients such as SAP and Allianz.
Coordinated Disclosure and Responses
The research team followed ethical disclosure practices, notifying the vendors of the vulnerabilities in April 2024.
While Seafile and Icedrive responded promptly, only Seafile committed to patching the downgrade issue. Sync and pCloud have yet to respond, raising concerns about their commitment to addressing these security risks.
Recommendations
Researchers have called for industry-wide reforms, recommending that vendors:
- Adopt standardized encryption protocols to avoid cryptographic pitfalls.
- Implement robust metadata encryption and binding between file contents and their attributes.
- Ensure authentication of keys and enforce strict public key infrastructure (PKI) mechanisms.
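One way a client can bind file contents to their attributes, so that the chunk reordering and metadata tampering listed under the core issues are detected on download (an added example, not code from the paper or from any provider). It assumes the chunks are already encrypted and treats them as opaque bytes, and it uses HMAC-SHA256 from the standard library; an AEAD with the same fields as associated data gives the same binding. The function names, file identifier and sample data are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct


def _field(b: bytes) -> bytes:
    # Length-prefix each field so adjacent fields cannot be shifted into each other.
    return struct.pack(">I", len(b)) + b


def _tag(key, label, file_id, name, index, total, chunk):
    # The MAC covers the attributes (file id, name), the chunk position and
    # the chunk count together with the ciphertext bytes.
    msg = (label + _field(file_id) + _field(name.encode("utf-8"))
           + struct.pack(">QQ", index, total) + _field(chunk))
    return hmac.new(key, msg, hashlib.sha256).digest()


def seal_file(key, file_id, name, chunks):
    """Return (manifest_tag, [(chunk, tag), ...]) for upload to the server."""
    total = len(chunks)
    manifest = _tag(key, b"M", file_id, name, 0, total, b"")
    tags = [_tag(key, b"C", file_id, name, i, total, c) for i, c in enumerate(chunks)]
    return manifest, list(zip(chunks, tags))


def verify_file(key, file_id, name, manifest, sealed):
    """True only if name, chunk order, chunk count and contents are all intact."""
    total = len(sealed)
    ok = hmac.compare_digest(manifest, _tag(key, b"M", file_id, name, 0, total, b""))
    for i, (chunk, tag) in enumerate(sealed):
        ok &= hmac.compare_digest(tag, _tag(key, b"C", file_id, name, i, total, chunk))
    return ok


if __name__ == "__main__":
    key = os.urandom(32)                          # client-held key, never sent to the server
    file_id = b"constructed-file-id-0001"         # constructed sample identifier
    chunks = [b"ct-chunk-0", b"ct-chunk-1", b"ct-chunk-2"]  # constructed ciphertext chunks
    manifest, sealed = seal_file(key, file_id, "report.pdf", chunks)

    print("as stored:      ", verify_file(key, file_id, "report.pdf", manifest, sealed))
    reordered = [sealed[1], sealed[0], sealed[2]]
    print("chunks swapped: ", verify_file(key, file_id, "report.pdf", manifest, reordered))
    print("file renamed:   ", verify_file(key, file_id, "invoice.pdf", manifest, sealed))
    print("last chunk cut: ", verify_file(key, file_id, "report.pdf", manifest, sealed[:2]))
```

The manifest tag is what catches a file replaced by an empty one, since there are then no per-chunk tags left to fail.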
Researchers also recall previous research work that exposed flaws in MEGA and Nextcloud, reinforcing the need for comprehensive standards across E2EE cloud services. Without these changes, users are left vulnerable to malicious attacks that could compromise data privacy and integrity.
Until providers address these cryptographic shortcomings, the ecosystem will remain vulnerable to both malicious actors and unintentional design flaws. You can check the research paper [PDF version] here.