Wednesday 23 January 2013

Mega awesome? or Mega insecure?

If you keep up with tech news at all, you’ve probably heard a lot about Kim Dotcom’s new cloud service, Mega.

Before the launch, Mega’s founders hailed the system as employing thorough encryption and security, but now, only a week after launch, analysts are coming out of the woodwork criticizing serious security flaws with the service.

Just a little bit of irony from ars technica

A lot has been written, but here’s the breakdown:

What is it?

If you’re unfamiliar, Mega is the successor to Dotcom’s government-seized MegaUpload. Basically, it’s a cloud storage service.

What makes Mega different from competitors like Google Drive, Dropbox, and Microsoft SkyDrive, is the fact that Mega encrypts files on the users’ side and stores the encrypted information rather than the actual files – the benefit being that nobody except the user knows what any of the files actually are.

This encryption format is a response to last year’s MegaUpload debacle where the U.S. government seized all stored content and has yet to return access to users. Furthermore, user-side encryption keeps everyone, except the subscriber, in the dark regarding what content is being stored. Dotcom said this allows Mega to use a larger number of server companies (who would otherwise have issues with hosting pirated content) and thus ensures the FBI won’t seize users’ data.

It should also be mentioned that this style of encryption covers Dotcom’s own butt. Were he to be charged – as he is currently in relation to MegaUpload – he could easily, and accurately, claim he had no idea what content was being stored by his service.

What’s with the security stuff?

Pre-launch, Mega’s super-tight security was the talk of the town. Given his company’s previous problems with authority, a tight grip on security made sense.

Unfortunately, it’s looking like more security was placed around the company than the users. Only a week into operations, several analysts have already located and begun exploiting some major holes.

Chief among the security sins, Marcan (a member of fail0verflow) said, is the hashing of files using the cryptographic technique known as cipher block chaining message authentication code -- better known as CBC-MAC – which, as the name implies, is meant to authenticate messages rather than be used as a hashing function. "A few people have asked what the correct approach would've been here," he said. "The straightforward choice would've been to use SHA1, though MD5 or SHA256 -- for the more paranoid -- would also have worked well." Basically, the content hosted on Mega, though encrypted, is using weak keys that could easily be intercepted and cracked. 
Thanks to using CBC-MAC, however, the Mega service is vulnerable to having uploaded files intercepted. "If you were hosting one of Mega's CDN [content delivery network] nodes (or you were a government official of the CDN hoster's jurisdiction), you could now take over Mega and steal users' encryption keys," Marcan said. "While Mega's sales pitch is impressive, and their ideas are interesting, the implementation suffers from fatal flaws. This casts serious doubts over their entire operation and the competence of those behind it." [InformationWeek]

But here’s the rub. From what we can see, the encryption isn’t about content security. After all, Mega is designed, unofficially, to host pirated content, not business and trade secrets. Even weak encryption gives the company a way out should they ever be charged as pirates.

And that’s not all. A security researcher named Steve “sc00bz” Thomas discovered that password confirmation emails from Mega include plain-text hashed copies of users’ passwords.

Hashing is a common technique for encrypting passwords. When looking at a hash, instead of seeing “password1234” you would see something like “qi8H8R7OM4xMUNMPuRAZxlY".

Since emails generally travel without encryption, anyone could snag the message off a network and simply use a brute-force attack (random guessing of common words) to crack the hash. If your password is something stupid like, “password”, or “mylittlepony”, a brute force attack can crack it in no time. If you’re smart and use something like “fd3kie?ba”, the brute force attack will likely take until the end of time.

In other words, Mega’s user security depends almost entirely on the strength of a user’s password… which, as of this writing, cannot be reset by the user should it become compromised. Splendid.

What now?

Good question, nobody’s really sure. U.S. authorities have already said they’re ready to come at Dotcom with more charges pertaining to Mega, but with the format of his new endeavor, those might be tough to serve.

For now, if you decide to use the service, just keep in mind that your information, while encrypted, could be vulnerable. And as always, use a strong password!

No comments:

Post a Comment