If you keep up with tech news at all, you’ve
probably heard a lot about Kim Dotcom’s new cloud service, Mega.
Before the launch, Mega’s founders hailed the
system as employing thorough encryption and security, but now, only a week
after launch, analysts are coming out of the woodwork criticizing serious
security flaws with the service.
|
Just a little bit of irony from ars technica |
A lot has been written, but here’s the breakdown:
What is it?
If you’re unfamiliar, Mega is the successor to
Dotcom’s government-seized MegaUpload. Basically, it’s a cloud storage service.
What makes Mega different from competitors like
Google Drive, Dropbox, and Microsoft SkyDrive, is the fact that Mega encrypts
files on the users’ side and stores the encrypted
information rather than the actual files – the benefit being that nobody
except the user knows what any of the files actually are.
This encryption format is a response to last
year’s MegaUpload debacle where the U.S. government seized all stored content
and has yet to return access to users. Furthermore, user-side encryption keeps
everyone, except the subscriber, in the dark regarding what content is being
stored. Dotcom said this allows Mega to use a larger number of server companies
(who would otherwise have issues with hosting pirated content) and thus ensures
the FBI won’t seize users’ data.
It should also be mentioned that this style of
encryption covers Dotcom’s own butt. Were he to be charged – as he is currently
in relation to MegaUpload – he could easily, and accurately, claim he had no
idea what content was being stored by his service.
What’s with the security stuff?
Pre-launch, Mega’s super-tight security was the
talk of the town. Given his company’s previous problems with authority, a tight
grip on security made sense.
Unfortunately, it’s looking like more security
was placed around the company than the users. Only a week into operations,
several analysts have already located and begun exploiting some major holes.
Chief among the security sins, Marcan (a member
of fail0verflow) said, is the hashing of
files using the cryptographic technique known as cipher block chaining
message authentication code -- better known as CBC-MAC – which, as the
name implies, is meant to authenticate messages rather than be used as
a hashing function. "A few people have asked what the correct
approach would've been here," he said. "The straightforward choice
would've been to use SHA1, though MD5 or SHA256 -- for the more paranoid --
would also have worked well." Basically, the content hosted on Mega, though
encrypted, is using weak keys that could easily be intercepted and cracked.
Thanks to using CBC-MAC, however, the Mega
service is vulnerable to having uploaded files intercepted. "If you were
hosting one of Mega's CDN [content delivery network] nodes (or you were a
government official of the CDN hoster's jurisdiction), you could now take over
Mega and steal users' encryption keys," Marcan said. "While Mega's
sales pitch is impressive, and their ideas are interesting, the implementation
suffers from fatal flaws. This casts serious doubts over their entire operation
and the competence of those behind it." [InformationWeek]
But here’s the rub. From what we can see, the
encryption isn’t about content security. After all, Mega is designed,
unofficially, to host pirated content, not business and trade secrets. Even
weak encryption gives the company a way out should they ever be charged as
pirates.
And that’s not all. A security researcher named
Steve “sc00bz” Thomas discovered that password confirmation emails from Mega
include plain-text hashed copies of users’ passwords.
Hashing is a common technique for encrypting
passwords. When looking at a hash, instead of seeing “password1234” you would
see something like “qi8H8R7OM4xMUNMPuRAZxlY".
Since emails generally travel without encryption,
anyone could snag the message off a network and simply use a brute-force attack
(random guessing of common words) to crack the hash. If your password is
something stupid like, “password”, or “mylittlepony”, a brute force attack can
crack it in no time. If you’re smart and use something like “fd3kie?ba”, the
brute force attack will likely take until the end of time.
In other words, Mega’s user security depends
almost entirely on the strength of a user’s password… which, as of this
writing, cannot be reset by the user should it become compromised. Splendid.
What now?
Good question, nobody’s really sure. U.S.
authorities have already said they’re ready to come at Dotcom with more charges
pertaining to Mega, but with the format of his new endeavor, those might be
tough to serve.
For now, if you decide to use the service, just
keep in mind that your information, while encrypted, could be vulnerable. And as
always, use a strong password!