How would you feel about a messaging app that could protect your chats even from its own employees? Wonderful, right? It may sound like the best solution for protecting your chats.
Mega Chat | Cyber Attacks
Mega is a messaging app that offers chats, voice calls, and video calls. Moreover, it provides full protection for every feature it offers. Unlike other apps, it saves data in the cloud, and that data is protected from everybody.
This feature even stops the company’s own people from looking into a user’s personal chats or sensitive data. In this way, protecting the user’s personal space becomes easy. The app currently has a total of 250 million users.
Although the app offers these security features, researchers have found flaws in it too. The organization describes itself as a “zero-knowledge” encryption service built on “Privacy by Design”.
Note: The distinguishing feature on offer is that the data a user saves in the app is secured with a key derived from the user’s password. Simply put, the password is the main encryption key. The company does not have access to the user’s password or the data by any fair means.
What’s the Issue?
Based on the information gathered from ETH Zurich University:
“There are several security loopholes that can become a reason for stress and anxiety. According to the university, these loopholes will allow the provider to decrypt and manipulate users’ data, whereas the marketing department is stating the complete opposite.”
What did the cryptography researchers say?
“After analyzing Mega’s source code and cryptographic architecture, they found 5 vulnerabilities.”
Real Issue with “Encryption”
The researchers ran a security test against their own accounts on Mega. After trying a brute-force attack, they reached one conclusion: the main key is a significant weakness in the service.
The user derives the authentication key from his or her own password. This key is used to encrypt all of the media content in the user’s account. However, because of the way ciphertext integrity protection is handled, the confidentiality of the master key, and with it access to the encryption system, can be broken.
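Why a password-wrapped key stored with the provider needs integrity protection, shown as an added example that is not MEGA's code: the HMAC-based keystream is a stand-in cipher, and all function names, the password and the salt are constructed for illustration.

```python
import hashlib
import hmac
import os

def derive_keys(password: str, salt: bytes):
    """Derive separate encryption and MAC keys from the password (PBKDF2)."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return okm[:32], okm[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode); illustration only.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap_plain(enc_key: bytes, master_key: bytes) -> bytes:
    """Encrypt the master key with no integrity protection."""
    nonce = os.urandom(16)
    return nonce + _xor_stream(enc_key, nonce, master_key)

def unwrap_plain(enc_key: bytes, blob: bytes) -> bytes:
    return _xor_stream(enc_key, blob[:16], blob[16:])

def wrap_mac(enc_key: bytes, mac_key: bytes, master_key: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    blob = wrap_plain(enc_key, master_key)
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()

def unwrap_mac(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored key blob was modified")
    return _xor_stream(enc_key, body[:16], body[16:])

def demo():
    """Return (plain_accepts_modified_blob, mac_rejects_modified_blob)."""
    enc_key, mac_key = derive_keys("constructed-password", b"constructed-salt")
    master_key = os.urandom(16)
    def modify(blob):  # one byte of the stored ciphertext changed in storage
        return blob[:16] + bytes([blob[16] ^ 0x01]) + blob[17:]
    got = unwrap_plain(enc_key, modify(wrap_plain(enc_key, master_key)))
    plain_accepts = got != master_key  # wrong key returned, no error raised
    try:
        unwrap_mac(enc_key, mac_key, modify(wrap_mac(enc_key, mac_key, master_key)))
        mac_rejects = False
    except ValueError:
        mac_rejects = True
    return plain_accepts, mac_rejects
```

Without the tag, the client silently accepts a key blob that was changed in storage; with encrypt-then-MAC, the same change is rejected before the key is used.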
Results from that
It allows several things to happen:
- Integrity Attacks
- RSA Key
- Plaintext Recovery Attacks
This in turn establishes an RSA decryption attack vector.
How do the Attacks Take Place?
“It can create a massive destruction of security policy that will include stolen data, uploading inappropriate content, and locking accounts to threaten the users.”
TEAM MEGA on the Issue
The findings were reported to MEGA on 24 March 2022. On the same day, solutions to fix the security loopholes were proposed. However, when these were proposed to MEGA, MEGA decided to handle the fixes in its own way.
According to the researchers:
The initial bugs with the RSA key were fixed. MEGA gave an explanation and said that some of the bugs that were found are fixed and the others will be getting their patch soon. According to MEGA, only the users that have logged in max 512 have this risk. Moreover, this does not include resuming existing sessions.
To exploit the cryptographic flaws, cybercriminals would need “control over the heart of Mega’s server infrastructure”. If not, they must get access via a manipulator-in-the-middle attack on the user’s Transport Layer Security connection to MEGA. These vulnerabilities affected MEGA’s reputation among its users.
Cyber Security is in “Demand”
As you can see, if the vulnerabilities had not come to the researchers’ attention, users’ data could have been put in trouble. Think: if you were in the same place as those users, what could have happened to your own data?
To keep yourself safe from such things, you should learn about them in the first place. If you have any interest in learning how to handle situations related to mobile application security, you can join courses available in the market.
You might say, “As if I would.” However, this could be a great chance to learn something new. In most households, every person handles their own smart devices, including mobile phones.
Plus, most families have access to the Internet, so these threats can commonly affect them. If you get to know the ways to detect those vulnerabilities and protect against them, you can even earn a decent salary package for that.
Most companies need experts like that, and you can be one of them, playing the role of a responsible person in a respective post or designation. Craw Security is introducing a Mobile Application Security Course in Delhi after 12th.
If you’re interested in this course, you can join, and the most amazing thing is that, unlike other institutions, Craw Security even provides online sessions. You’d be able to get a world-class learning experience with the best-qualified trainers under the same roof as other students with the same interests and ambitions.
What are you waiting for? Enroll now!