Back to Blog

Evaluating the security of encrypted file storage

4.9 (87)

Potential risks to data kept in Sync, pCloud, and other encrypted Dropbox alternatives.

AVIF image format comparison

Cloud storage platforms such as Dropbox and OneDrive are undeniably convenient. The catch, however, is that your files stored online can potentially be accessed by hackers, government agencies, or even the hosting provider itself. A safer option is encrypted cloud storage, often referred to as end-to-end encryption (E2EE) — similar to the way Signal or WhatsApp protect messages. In theory, your files are encrypted on your device before being uploaded, and the keys never leave your possession. Not even the service provider should be able to access them. But does this promise hold up in practice?

Swiss-cheese encryption

The Applied Cryptography Group at ETH Zurich analyzed the encryption methods of five well-known storage services: Sync.com, pCloud, Icedrive, Seafile, and Tresorit. In each one, researchers uncovered implementation flaws that allowed, to varying degrees, tampering with files or even exposure of unencrypted fragments. Previously, they had also discovered weaknesses in two other providers — MEGA and Nextcloud.

All of the identified attacks rely on a compromised server. The idea is that attackers either breach the hosting servers directly or reroute traffic so the victim connects to a rogue server impersonating the real one. If successful, the intruders could potentially:

  • Sync.com: insert files and folders, alter filenames and metadata, distribute new encryption keys that let attackers decrypt later downloads, and abuse the sharing feature to access any shared file.
  • pCloud: upload malicious files, move or rename data, delete parts of files, and decrypt newly downloaded content.
  • Seafile: downgrade the protocol to weaker versions, brute-force passwords, tamper with stored data, or alter metadata.
  • Icedrive: build files out of fragments from other uploads, change file names and paths, or reorder stored chunks.
  • Tresorit: manipulate stored metadata, including author information.
  • Nextcloud: interfere with encryption keys, allowing downloaded files to be decrypted.
  • MEGA: recover keys to decrypt all files and even insert incriminating content.

While such attacks are technically demanding, they’re not beyond reach. Given recent breaches at Microsoft and Twilio, the risk of a major cloud provider being compromised is very real. True E2EE should therefore remain resilient even against malicious server activity.

The services reviewed do employ established algorithms such as AES and RSA, and their E2EE claims appear genuine. The real challenge lies in balancing strong encryption with collaborative features like file sharing and co-editing. Designing solutions that fully address issues such as compromised encryption keys is still an open problem. Of all providers tested, Tresorit currently fares the best.

Interestingly, researchers found that the same types of mistakes were made independently by multiple providers, highlighting how complex and nuanced secure implementation really is. What the industry needs is a standardized, peer-reviewed protocol for encrypted storage — something akin to TLS for websites or the Signal Protocol for messengers.

Costly fixes

The main challenge with patching these vulnerabilities is that fixes often require not only updating applications and servers but also re-encrypting user files. This process is expensive and requires user cooperation, making quick solutions unlikely. As a result, updates have been slow:

  • Sync.com responded only after media coverage, eventually promising fixes but without a timeline.
  • Tresorit pledged to release a fix in 2025, though their issue is less severe.
  • Seafile patched protocol downgrade flaws but did not address other weaknesses.
  • Icedrive chose not to act on the reported issues.
  • pCloud initially ignored researchers, later dismissing the threats as theoretical.
  • Nextcloud rolled out a new encryption model in version 3.12, though its resilience is yet to be studied.
  • MEGA added client-side checks, reducing attack feasibility.

What users should do

While the flaws are real, they’re not easy for ordinary cybercriminals to exploit at scale. Instead of panicking, users should carefully evaluate their own situation:

  • How sensitive is the stored information, and how attractive is it as a target?
  • How much data do you keep in encrypted storage, and how easily could you migrate?
  • Do you rely heavily on collaboration and sharing features?

If collaboration isn’t essential and the data is highly sensitive, the safest move is to use local encryption. This could mean placing files in an encrypted container or password-protected archive before uploading. That way, you stay in full control of your keys.

If collaboration is necessary and your storage size is moderate, consider switching to a provider that performed better in ETH Zurich’s tests — with Tresorit leading the way, but MEGA and Nextcloud also being reasonable options.

For other providers, adopt extra caution: avoid storing your most critical data, keep apps updated, check your cloud accounts regularly, and clean out unnecessary files.

And finally, remember: the most likely threat is still malware or info-stealers on your own devices. That means encrypted storage should always be paired with comprehensive protection across all PCs and smartphones.