How to Leak a Private Key Into a Cloud Backup

The 3MOSAFE service uploads data to the cloud and then whenever you want to restore your account from another device, for example. And most remarkably, it also adds your contacts, including their nicknames. An attacker can just change their nickname and they can influence the content of the backup. The last one that we touched on briefly is the Jackie Chan version of the previous vulnerability. It involves compression before encrypting.