Mega Insecure: Kim Dotcom Defends Rebooted Megaupload Security

  /     /     /  
Publicated : 22/11/2024   Category : security


Mega Insecure: Kim Dotcom Defends Rebooted Megaupload Security


Proof-of-concept attack against sites encryption leads to questions over its actual security and privacy protections.



Can the new Mega file-sharing service from Megaupload founder Kim Dotcom be trusted to keep users data secure and hidden from prying eyes?
Twelve months ago, the Department of Justice
shut down Megaupload
and
sought the extradition
of key company officials from New Zealand to the United States to stand trial on copyright violation and racketeering charges. But on the anniversary of that takedown, this week Dotcom announced the launch of a new file-sharing site, titled simple Mega.
Dotcoms pitch for the new service is its use of on-the-fly encryption, to ensure that any data that users upload remains private. Without having to install any kind of application -- it happens in your browser in the background -- it encrypts, giving you privacy, Dotcom
told

The Wall Street Journal
. This means when you transfer data, anyone sitting on that line will get nothing as it is all scrambled and impossible to decrypt without your key. This is going to take encryption to the mainstream.
[ What is cyber warfare exactly, and how can we protect ourselves? Read more at
Uncertain State Of Cyber War
. ]
But numerous security experts have spotted what they say are serious security flaws in Megas use of encryption. Kim Dotcom pulled a Nintendo Wii. Mega has decent design ideas, but it has been poorly implemented by people clearly unfamiliar with basic cryptography, according to a
security analysis
published by Marcan, a member of the fail0verflow group.
Chief among the security sins, Marcan said, is the hashing of files using the cryptographic technique known as
cipher block chaining message authentication code
-- better known as CBC-MAC – which, as the name implies, is meant to authenticate messages rather than be used as a
hashing function
. A few people have asked what the correct approach wouldve been here, he said. The straightforward choice wouldve been to use SHA1, though MD5 or SHA256 -- for the more paranoid -- would also have worked well.
Thanks to using CBC-MAC, however, the Mega service is vulnerable to having uploaded files intercepted. If you were hosting one of Megas CDN [content delivery network] nodes (or you were a government official of the CDN hosters jurisdiction), you could now take over Mega and steal users encryption keys, Marcan said. While Megas sales pitch is impressive, and their ideas are interesting, the implementation suffers from fatal flaws. This casts serious doubts over their entire operation and the competence of those behind it.
The new Mega service was launched by the German-Finnish Dotcom, 39, together with three former Megaupload employees: chief technical officer, director, and co-founder Mathias Ortmann, 40; chief marketing officer Finn Batato, 38; and Bram van der Kolk, 29. All four remain on bail in New Zealand, where theyre continuing to fight the U.S. governments extradition request to answer charges that they illegally generating $175 million in profits and caused $500 million in damage to copyright holders. All four of the former Megaupload employees have said theyre innocent.
From a legal standpoint, the Megaupload case is highly unusual because U.S. prosecutors are pursuing criminal offenses against people charged with violating copyright law -- which is normally a civil offense -- as well as racketeering and money-laundering charges. According to
legal experts
, that strategy appears to have been employed because under New Zealand law, copyright offenses alone would not be sufficient to allow a suspect to be extradited.
Will the new Mega service avoid the widespread privacy that Megaupload allegedly fostered? To gain users, Mega must first prove its mettle, and the vulnerability spotted by Marcan is far from the only security flaw in the service thats been identified to date. For example, security researcher Steve Sc00bz Thomas has discovered that the confirmation emails that Mega sends to new customers contain password hashes in plaintext, as well as a link that contains the encrypted master key required to unlock any files the user has stored on Mega.
Thomas has released a tool,
MegaCracker
, which can extract passwords from the confirmation emails sent by Mega. Since e-mail is unencrypted, anyone listening to the traffic can read the message, Thomas
told
Ars Technica. It makes no sense to send a confirmation link with a hash of your password.
Beyond that security flaw, Megas
file-deduplication techniques
-- storing only one copy of a file, no matter how many users upload it -- have been criticized because an attacker could see which users were
storing the same file
.
Mega also uses
JavaScript
in the browser to encrypt files before transmitting them via the Internet, which isnt a new technique. Crooks have known this for years, with online malware toolkits like
Luckysploit
using JavaScript-based public key cryptography so that sniffed copies of its HTTP payloads cant be decrypted once the attack is over, said Paul Ducklin, head of technology for Sophos in the Asia Pacific region, in a
blog post
.
But theres an inherent problem with in-browser encryption: Software random number generators are notoriously risky, said Ducklin. As a result, any small flaw could leave the encrypted data vulnerable to a trivial brute-force attack.
Dotcom has
responded to the security and privacy criticism
on the Mega site, noting that its security design will continue to evolve. In a Wednesday
Twitter post
, he also attempted to turn the security criticism to his advantage: We welcome the ongoing #Mega security debate & will offer a cash prize encryption challenge soon. Lets see what you got ;-).
Our 2012 State of Encryption Survey profiles the struggles most IT groups have when trying to manage encryption products. Simply put, the old adage that encryption is easy, key management is hard still holds. Read our
Five Keys To Painless Encryption
report to find out more. (Free registration required.)

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Mega Insecure: Kim Dotcom Defends Rebooted Megaupload Security