MEGA: Malleable Encryption Goes Awry

In this talk, I present five attacks on the user-controlled end-to-end security MEGA. Our attacks show that a malicious provider can break authentication and compromise file confidentiality and integrity.

The presentation slides are available here.