"Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choice which pass all authenticity checks of the client. "We show that MEGA's system does not protect its users against a malicious server and present five distinct attacks, which together allow for a full compromise of the confidentiality of user files," the researchers wrote on a website. With that, the malicious party can decipher stored files or even upload incriminating or otherwise malicious files to an account these files look indistinguishable from genuinely uploaded data. The authors say that the architecture Mega uses to encrypt files is riddled with fundamental cryptography flaws that make it trivial for anyone with control of the platform to perform a full key recovery attack on users once they have logged in a sufficient number of times. Research published on Tuesday shows there's no truth to the claim that Mega, or an entity with control over Mega's infrastructure, is unable to access data stored on the service. Third-party reviewers have been all too happy to agree and to cite the Mega claim when recommending the service. Even in the exceptionally improbable event MEGA's entire infrastructure is seized!" (emphasis added). In it, the company claims, "As long as you ensure that your password is sufficiently strong and unique, no one will ever be able to access your data on MEGA. Over the years, the company has repeatedly reminded the world of this supposed distinction, which is perhaps best summarized in this blog post.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |