Researchers from ETH Zurich have identified severe encryption vulnerabilities in several end-to-end encrypted cloud storage services, casting doubt on their security. An analysis of and revealed critical issues in four major services (, , , and ). It demonstrated how malicious servers could easily compromise user data through file injection, tampering, and direct access to plaintext. The only provider not significantly affected by these vulnerabilities was , which employed a more robust encryption structure.

The analysis focuses on five well-known providers: , , , , and , which collectively serve over million users, including prestigious institutions like the University of Toronto and the Canadian government. These services promise robust encryption that supposedly prevents even the service providers themselves from accessing user data, but flaws were found in several areas. Researchers uncovered ten attack vectors on these platforms, four of which directly impact file confidentiality, while the others target file integrity and metadata.

Main vulnerabilities include:

  • Key Replacement Attack: In and , an attacker can replace the user's encryption key with one they control, thereby decrypting all future user data.
  • Protocol Downgrade: Encryption protocols may be downgraded to a weaker version, making brute-force attacks on user passwords feasible.
  • File and Metadata Tampering: Attackers can modify file names and metadata, and even swap files between directories without being detected, in , , and .
  • Malicious File Injection: and are particularly vulnerable to file injection attacks, in which attackers upload malicious files that appear to the user as if the user had uploaded them.

The most affected companies include the Canadian company with over 10 million users and the Swiss provider with over 100 million users. Both services use end-to-end encryption but fail to verify keys, leaving room for attackers to swap encryption keys or inject files into users' storage. The vulnerability extends to the link-sharing mechanism, where decryption keys are embedded in the shared URLs, exposing sensitive files to the server.

, , and learned of these vulnerabilities in and were given a standard day disclosure period. acknowledged the findings but chose not to address them, whereas committed to patching the protocol downgrade vulnerability. As of , and have not responded to multiple attempts at contact.

The study highlights prevalent issues in cloud storage and indicates that many providers fail to deliver on their promise of zero-knowledge encryption. Despite positioning themselves as privacy alternatives to mainstream services like or , they still struggle to meet the security standards expected of a true solution. Researchers emphasize that cloud storage needs a unified standardized protocol, similar to the protocol used in secure messaging.

The authors proposed two primary measures to address the identified issues: firstly, conducting a more rigorous analysis of the storage system to better understand existing encryption weaknesses; secondly, developing standardized and robust protocols. Providers should also adopt authenticated encryption methods, secure key management, and stronger integrity checks to ensure that user data is truly protected from malicious servers. For users concerned about the security of cloud storage data, researchers recommend choosing providers with a reliable security track record and staying informed about the encryption safeguards of the selected service.
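To make the recommended mitigations concrete, the following is an added example (not code from the ETH Zurich paper or from any of the providers it examined) showing how a client can bind file metadata to the ciphertext with authenticated encryption and how it can verify a key bundle before trusting it, so that the renaming, directory-swapping and key-substitution manipulations described above are detected rather than silently accepted. It uses only the Python standard library: the keystream derived with HMAC-SHA256 is a stand-in for a real AEAD cipher such as AES-GCM, and the function names, paths, keys and file contents are all constructed for this illustration.

```python
"""Authenticated file records with bound metadata, plus a verified key bundle.

Added example; not the paper's or any provider's code.  The HMAC-SHA256
keystream stands in for a real AEAD cipher; the point is the integrity
binding (encrypt-then-MAC over path + nonce + ciphertext) and the check
that rejects a key bundle the server substituted.  All sample values are
constructed for the illustration.
"""
import hashlib
import hmac
import os
import struct


def derive_subkeys(master_key):
    """Derive independent encryption and MAC keys from one master key."""
    enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream_xor(enc_key, nonce, data):
    """XOR data with a CTR-style keystream: HMAC-SHA256(enc_key, nonce || counter)."""
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        block = hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], block))
    return bytes(out)


def _bound_tag(mac_key, label, path, nonce, ciphertext):
    """MAC over a domain label, the length-prefixed path, the nonce and the ciphertext."""
    p = path.encode("utf-8")
    msg = label + struct.pack(">I", len(p)) + p + nonce + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def encrypt_file(master_key, path, plaintext):
    """Encrypt plaintext and bind its storage path (directory + name) into the tag."""
    enc_key, mac_key = derive_subkeys(master_key)
    nonce = os.urandom(16)
    ct = _keystream_xor(enc_key, nonce, plaintext)
    return {"path": path, "nonce": nonce, "ct": ct,
            "tag": _bound_tag(mac_key, b"file", path, nonce, ct)}


def decrypt_file(master_key, record):
    """Verify the tag under the path the server presents; only then decrypt."""
    enc_key, mac_key = derive_subkeys(master_key)
    expected = _bound_tag(mac_key, b"file", record["path"], record["nonce"], record["ct"])
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("integrity check failed: file content or metadata was altered")
    return _keystream_xor(enc_key, record["nonce"], record["ct"])


def wrap_file_key(password_key, file_key):
    """Wrap the per-user file key under a password-derived key, with a tag."""
    enc_key, mac_key = derive_subkeys(password_key)
    nonce = os.urandom(16)
    wrapped = _keystream_xor(enc_key, nonce, file_key)
    return {"nonce": nonce, "wrapped": wrapped,
            "tag": _bound_tag(mac_key, b"keybundle", "", nonce, wrapped)}


def unwrap_file_key(password_key, bundle):
    """Reject any bundle not authenticated under this user's password key."""
    enc_key, mac_key = derive_subkeys(password_key)
    expected = _bound_tag(mac_key, b"keybundle", "", bundle["nonce"], bundle["wrapped"])
    if not hmac.compare_digest(expected, bundle["tag"]):
        raise ValueError("key bundle rejected: not authenticated under this user's key")
    return _keystream_xor(enc_key, bundle["nonce"], bundle["wrapped"])


def opens_cleanly(master_key, record):
    """True if the record decrypts without an integrity error."""
    try:
        decrypt_file(master_key, record)
        return True
    except ValueError:
        return False


def demo():
    """Simulate a malicious server and report which manipulations the client catches."""
    password_key = hashlib.sha256(b"constructed-password-derived-key").digest()
    file_key = os.urandom(32)
    bundle = wrap_file_key(password_key, file_key)
    assert unwrap_file_key(password_key, bundle) == file_key

    contract = encrypt_file(file_key, "work/contract.pdf", b"constructed contract text")
    notes = encrypt_file(file_key, "personal/notes.txt", b"constructed notes")
    results = {"roundtrip": decrypt_file(file_key, contract) == b"constructed contract text"}

    # 1. Server renames the file: the tag no longer matches the presented path.
    renamed = dict(contract, path="work/invoice.pdf")
    results["rename_detected"] = not opens_cleanly(file_key, renamed)

    # 2. Server moves another file's ciphertext into this path (directory swap).
    swapped = dict(contract, nonce=notes["nonce"], ct=notes["ct"], tag=notes["tag"])
    results["dir_swap_detected"] = not opens_cleanly(file_key, swapped)

    # 3. Server substitutes a key bundle wrapped under a key it controls.
    forged = wrap_file_key(os.urandom(32), os.urandom(32))
    try:
        unwrap_file_key(password_key, forged)
        results["key_swap_detected"] = False
    except ValueError:
        results["key_swap_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that the path is part of the authenticated data rather than a separate field the server stores: a client that only checks a MAC over the ciphertext would still accept a renamed or relocated file, which is exactly the class of metadata tampering the researchers describe. Likewise, the key bundle is accepted only when its tag verifies under the user's own password-derived key, so a server cannot hand the client a key it chose.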


Author: Emma

An experienced news writer, focusing on in-depth reporting and analysis in the fields of economics, military, technology, and warfare. With over 20 years of rich experience in news reporting and editing, he has set foot in various global hotspots and witnessed many major events firsthand. His works have been widely acclaimed and have won numerous awards.
