MEGA Security Breach 2022 [Explaining Its Zero-Knowledge Privacy]

MEGA is a cloud storage service that has long boasted of being zero-knowledge, meaning the company had no way of decrypting files stored on its servers. Unfortunately, a study by cryptographers in June 2022 found a significant vulnerability in the service’s encryption. This new MEGA security flaw theoretically allows the company to recover a user’s RSA private key and decrypt their files.

Key points to remember:

  • Cryptography researchers have exposed critical flaws and severe vulnerabilities in the way cloud storage service MEGA handles its users’ encryption keys.
  • MEGA has released a security patch, but researchers say that fully resolving the issue will require a complete overhaul of its system, phasing out legacy code, and issuing new keys for all user accounts, which will take months at best.
  • The attack requires considerable effort on MEGA’s part, as a user’s RSA key pair must be specifically targeted.

Private encryption has always been a cornerstone of how MEGA presents itself to customers. This is not surprising, as private encryption not only enhances user data privacy but also provides plausible deniability regarding copyright infringement, which was the bane of MEGA’s predecessor, Megaupload.

It is therefore doubly troubling for MEGA that researchers have identified cryptographic flaws in its architecture, potentially allowing a malicious service provider (i.e. someone controlling MEGA’s infrastructure) to recover a user’s master key and use it to decrypt user data stored on servers.

Furthermore, the same attack would allow the attacker to insert chosen files into the user’s file storage that would look identical to those uploaded by the user. Stick with us as we unpack what this means for users and for the future of MEGA.

  • Yes, MEGA is a secure service. No third party would be able to exploit MEGA’s encryption vulnerability.

  • Unfortunately no. While it’s probably unlikely that MEGA will try to access your files, the fact remains that it is theoretically possible, especially if the company is compelled by the authorities to target specific users.

  • MEGA claims this is not the case, but there’s really no way for us to answer that question with complete certainty. That said, circumventing MEGA’s encryption requires an attack on an individual user, so it seems unlikely to be something MEGA engages in.

  • Yes, regardless of this vulnerability, MEGA’s encryption is always end-to-end.

What is the MEGA 2022 security breach?

The security flaw relates to how MEGA’s RSA encryption mechanism handles attempts to access a user’s private key, which is stored in encrypted form on MEGA’s servers. The flaw is specifically related to the lack of integrity protection.

By tampering with the encrypted private key, an attacker inside MEGA might be able to narrow down the possible keys on each login attempt. After enough successful logins – 512 to be exact – the attacker might end up with the real one.

For a more technical explanation, here is how the authors of the paper describe it on their site:

“An entity controlling MEGA’s core infrastructure can tamper with the encrypted RSA private key and trick the customer into disclosing information about one of the key RSA module factors during the session ID exchange.

Specifically, the session ID that the client decrypts with the mangled private key and sends to the server will reveal whether the prime number is less than or greater than a contradictory chosen value.

This information allows a binary prime factor search, with a comparison per client connection attempt, allowing the adversary to recover the RSA private key after 1023 client connections. By using network cryptanalysis, the number of login attempts required for the attack can be reduced to 512.”
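The binary search described in the quote can be modelled abstractly to show why one comparison per login adds up to 1023 logins, and why an integrity check on the stored key stops it at the first attempt. This is an added illustration, not code from the researchers or from MEGA; it assumes a 1024-bit prime factor, stands in a random odd integer for the prime, and replaces the session ID exchange with a hypothetical `login` call that returns a single comparison.

```python
import secrets

BITS = 1024  # assumed size of one prime factor (2048-bit RSA modulus)

class TamperDetected(Exception):
    """Raised when the client notices its encrypted key blob was modified."""

class Client:
    """Abstract client: every login here uses a tampered key blob (model only)."""
    def __init__(self, secret, integrity_check):
        self._secret = secret
        self.integrity_check = integrity_check
        self.logins = 0

    def login(self, threshold):
        self.logins += 1
        if self.integrity_check:
            raise TamperDetected("key blob failed authentication")
        # Without integrity protection the response leaks one comparison.
        return self._secret < threshold

def recover(client, bits=BITS):
    """Binary search over [2^(bits-1), 2^bits), one comparison per login."""
    lo, hi = 1 << (bits - 1), 1 << bits
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if client.login(mid):
            hi = mid      # secret is below mid
        else:
            lo = mid      # secret is mid or above
    return lo

def simulate(bits=BITS, integrity_check=False):
    """Return (secret_recovered, logins_used) for one constructed secret."""
    # Constructed stand-in for the prime: random odd integer with the top bit set.
    secret = secrets.randbits(bits) | (1 << (bits - 1)) | 1
    client = Client(secret, integrity_check)
    try:
        return recover(client, bits) == secret, client.logins
    except TamperDetected:
        return False, client.logins

if __name__ == "__main__":
    print("no integrity check:  ", simulate())
    print("with integrity check:", simulate(integrity_check=True))
```

The model covers only the 1023-login figure; the reduction to 512 logins mentioned in the quote relies on further cryptanalysis that is not modelled here.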


The document goes on to detail five different types of attacks, including:

  • RSA key attack with proof of concept
  • Plaintext scavenging attack
  • Framing attack
  • Integrity attack
  • GaP-Bleichenbacher attack

The exact details of how these attacks work are not important for our purposes here, but you can go to the research website linked above for detailed technical explanations from the researchers themselves.


Authorized threat actors could potentially carry out a wide range of attacks that allow them to decrypt data or insert malicious files into a user’s cloud storage.

Can MEGA solve the problem?

MEGA has already released a fix, but the researchers had their own ideas about what the company should do to bolster its defenses. These range from intermediate ad hoc solutions that can be implemented quickly to a fundamental overhaul of MEGA’s architecture.


The researchers recommend a complete overhaul of MEGA’s cryptographic architecture to protect potentially compromised user accounts and stored data.

In order to implement the most comprehensive fixes, MEGA users would need to download and re-encrypt all their data.

That might not seem like a big deal, but given that MEGA stores north of 1,000 petabytes of data on its servers, the time required and the cost in terms of server fees would be astronomical. The researchers estimate that such a maneuver would take a minimum of six months, even under ideal circumstances.

MEGA Security Patch

The researchers notified MEGA of the flaw in March 2022. They suggested several large-scale solutions that would fix MEGA’s cryptography problem, but most of them would require a lot of effort and cost on MEGA’s part.

Instead of making drastic changes to its security architecture, MEGA has released a security patch that fixes the key recovery attack directly. It’s hard to say whether this completely fixes the problem, but the researchers note that this is an ad hoc fix that falls well short of their proposed fixes.

Although this is the type of attack used in the proof of concept, the researchers described four other potential attack types, including a plaintext scavenging attack, a framing attack, an integrity attack and a GaP-Bleichenbacher attack.

How secure is MEGA now?

While this flaw certainly takes a toll on the service’s image as a privacy-focused service, MEGA is still a secure cloud storage service. The newly discovered vulnerability requires control of the service’s infrastructure as well as significant efforts on the part of MEGA to take advantage of it.

That is, unless the targeted account has already logged in more than 512 times, which is probably a tiny fraction of the total user base. Even so, if you are one of the users who have logged in so many times, MEGA claims to have been unaware of this flaw and would not have monitored session IDs.

Whether you believe them or not is up to you.

That said, it’s not out of the question to imagine intelligence agencies or law enforcement twisting MEGA’s arm to target individual users.

Although the new security patch fixes the specific proof of concept developed by the researchers, which could trigger a large number of login attempts very quickly, there are probably many other ways to achieve this if the attacker is MEGA itself.

Is MEGA Zero Knowledge?

Ultimately, it’s hard to argue that MEGA can still be considered a zero-knowledge service. It still uses end-to-end private encryption, and while decrypting user data would certainly require a lot more effort on MEGA’s part than on Google’s or Microsoft’s, the fact remains that it has been shown to be theoretically possible.

How MEGA’s Security Flaw Affects Our Cloud Storage Service Ratings

Although the vulnerability is a serious blow to the service, we are still confident in recommending MEGA to most users, but now with a caveat regarding user privacy and its potentially flawed private encryption. The fact remains that even with this weakness, MEGA is still significantly more private than other more traditional services.

That said, we will update our reviews as well as our ratings to reflect the critical vulnerability reported by researchers, which means the service will take a hit on the privacy front in our reviews and articles.

Final Thoughts

This is all the information we have about the reported security vulnerability in MEGA’s architecture. If you fancy a deeper understanding of the technicalities, we highly recommend checking out the researchers’ website or, if you’re really hungry for detail, the paper itself.

We hope we were able to shed some light on the problem and what it means for your MEGA account and downloaded files. What do you think of this development? Do you see this as an honest mistake on MEGA’s part, or a nefarious ploy to hide encryption issues from its users? Let us know in the comments below, and as always, thanks for reading.
