Can you trust your encrypted cloud? An assessment of SpiderOakONE's security

This talk presents the results of a security review performed back in late 2017 of the encrypted cloud storage application SpiderOak ONE.

The main motivation for this work was to examine to what extent the security claimed by the company, matched the security provided by the application. To that end, we developed two threat models and examined the security of SpiderOakONE in each of them. One model assumes the server does what it's supposed to, yet it will try to learn information by looking at the data its users are storing. The other model assumes the server may act inconsistently, by for sending wrong responses to the application during operation.

We found that in both cases, issues exist that partially or totally reveal the content of user's files to the server.

All issues that were found have been reported in a responsible manner and subsequently fixed.


Metadata

To be recorded?: Yes

URLs for Can you trust your encrypted cloud? An assessment of SpiderOakONE's security

No URLs found.


Instances

  • Sunday Aug. 11 15:00 - 16:00 at Speakers Tent

Speaker(s):