Researchers from ETH Zurich discovered severe cryptographic vulnerabilities in multiple end-to-end encrypted cloud storage platforms, which could lead to data leaks and unauthorized access.
The vulnerabilities range in severity: in many cases a malicious server can inject files, tamper with file data, and even gain direct access to plaintext, impacting multiple providers similarly.
Analysis of five major providers like Sync and pCloud revealed that malicious servers can breach confidentiality, inject files, and tamper with content, indicating common cryptographic failures.
These attacks exemplify a broader issue within end-to-end encrypted platforms, where flaws in user key authentication processes create pathways for sophisticated exploits by adversaries.
Collection
[
|
...
]