File-sharing platforms not protecting against malicious content
Cybersecurity company Surfshark has reviewed popular file-sharing platforms and finds that the majority of them don’t scan your files for viruses, nor do they protect you from malicious software on their free plans.
Box and WeTransfer, which together have a total of 138 million registered users, do not scan for viruses on free plans but begin scanning files on paid plans. Dropbox, with 700 million registered users, does not offer scanning at all.
Apple’s iCloud, which has 900 million active users, does not scan files during upload or download, but instead relies on Apple device security. While this approach works within Apple’s ecosystem, problems may arise when using iCloud cross-platform. For example, when using iCloud on Windows, it is possible to upload malicious files, which could later be downloaded onto another Windows device.
“In our recent study, we found out that highly popular free file-sharing platforms don’t protect your downloaded files from viruses or malicious software (ransomware). I must highlight the fact that viruses and ransomware haven’t gone anywhere -- they are still widely used by cybercriminals, and there is a real risk to compromise your devices by downloading infected files,” says Martynas Dainys, senior VPN service manager at Surfshark.
This research comes ahead of regulations being developed and implemented in real-time by the UK which might elevate proactive scanning to a new level. Relying on the Online Safety Act 2023, the UK may oblige user-to-user platforms -- including file-sharing services -- to proactively scan and identify illegal and harmful content shared by users.
James Baker, platform power and free expression program manager at the Open Rights Group, warns of the dangers of this approach, “Universal mass scanning of all files shared between people would be an unprecedented expansion of mass surveillance powers. The scale of such scanning would result in many false positives, and innocent people having their content flagged, removed, or even their accounts banned.”
You can see the full research on the Surfshark site.
Image credit: stevanovicigor/depositphotos.com