Fancy yourself a good hacker? Then break pCloud’s encryption and get $100k for it!


This is a guest post by James Burbank

The issue of security in cloud computing is one that is among the most talked about when it comes to cloud computing. Simply put, many people are still not convinced that cloud storage services are secure enough for them to store their most sensitive data. In reality, cloud storage service providers are constantly improving their security protocols, working towards a 100% secure solution.

Earlier this year, one of the most interesting new cloud storage services based in Switzerland, pCloud issued a challenge to hackers and anyone who might feel like one to break their client-side encryption software that they use to protect the personal data uploaded by their users.

The challenge commenced on January  1, extending the original challenge which lasted for three months in 2015, during which more than 2,200 people attempted to hack their encryption, none of which succeeded. Among the people who attempted to break the challenge were teams from MIT and Berkeley.

Back in late September, the challenge was announced quite confidently, with the following statement from the pCloud people:

We are confident that we have built client-side encryption software that nobody can hack. So, we are willing to give $20,000 away (or the equivalent in Bitcoin) to anyone who breaks into it. Our file encryption system was audited by Mnemonic and their report confirms we have done a great job! With pCloud Crypto, the files of millions of users are truly safe.

According to the terms of the challenge, the participants were provided with an Email and a Password that they could use to log in from the device of choosing. This account contained an encrypted folder, literally the same to any encrypted folder uploaded by the average pCloud user. The challenge consisted of hacking into the encrypted folder and decrypting the data found inside.

If someone is to be successful, they only needed to send the contents of the folder to an email address, together with a detailed explanation of the approach used to hack the account. In order to make the challenge even easier, pCloud also provided additional information on their Mobile Crypto Implementation.

The interested parties were to be banned and excluded from the hacker challenge if it was discovered they used DDoS attacks or random guessing, as well as hacking other parts of the pCloud platform that had nothing to do with the challenge.

If successful, the hacker would receive the money in two installments, one half immediately after the hacking is confirmed and the other half after the non-disclosure period of 3 months expires.

Since no one succeeded in hacking their encryption first time around, the people from pCloud announced early in January that the challenge will continue, this time with the closing date of April 4, 2016. They also upped the ante by increasing the reward to $100,000. The conditions of the challenge remained the same.

If this has piqued your interest and if you believe you are the one who will be able to complete the challenge and take home the hundred grand, you can learn more about Crypto here.

Leave a Reply