Boxcryptor is software developed by Secomba GmbH which focuses on protecting files stored on external cloud providers by over-encrypting the files, and even the file names, so that the cloud provider cannot access the data within those files, while still allowing synchronisation across multiple devices. Using Boxcryptor gives customers the peace of mind that their data is private while being stored on a cloud provider’s systems.
In this short post we’ll talk specifically about the work we performed. For a more in-depth overview as well as motivations and benefits from the perspective of the Boxcryptor team, you can read about it on the Boxcryptor blog.
Kudelski Security was hired to perform a security audit of the Windows Boxcryptor application. We focused on the cryptographic functionalities of the code and implementation of security best practices.
We analysed the provided code, which uses standard library functions and standardized methods as often as possible. We notably covered the following main components, among others:
- Secomba.Common: contains most notably the cryptographic operations
- Secomba.Common.Net45: which is mostly a proxy to the crypto provider
- Boxcryptor.Core: contains actual encryption logic, has high level APIs and does the PKI management
- Boxcryptor.Desktop: contains the file operations, including bulk ones and read/write operations.
We notably looked for:
- General code safety and susceptibility to known vulnerabilities
- Poor coding practices and unsafe behaviour
- Leakage of secrets or other sensitive data through memory mismanagement
- Susceptibility to misuse and system errors
- Error management and logging
- Security levels of the cryptographic primitives and their parameters
- Proper implementation of the documented protocol phases
We reported the following in our public report:
- 1 security issue of medium severity
- 2 security issues of low severity
- 6 observations related to general code safety
Download the full report here:
As a result of our audit, we did not find any critical shortcomings in the reviewed components.
Secomba quickly patched all the problems we identified and let us review their changes in order to confirm their effectiveness. They will also monitor the state of the art in terms of ORAM setups, and are planning to add effective integrity checks in the future.
Note that we did not find any evidence of malicious intent, flawed logic or potential backdoors in the codebase.
We would like to thank Secomba GmbH for trusting us, for their availability and the pleasant collaboration throughout the audit!