‘Researchers Reverse-Engineer the Dropbox Client’

Michael Kassner reporting on the reverse-engineering of the Dropbox client:

The paper goes to great lengths explaining how Dhiru and Przemyslaw successfully gained access to a victim’s Dropbox account and files. The two also mentioned in the paper that, with each new version of Dropbox, developers were able to harden the client’s security, which in turn eliminated one or more attack vectors.

Essentially they figured out how Dropbox auto-authenticates you into Dropbox.com when you click the link to launch the website from the app. What always worries me about these types of hacks, the same as Kassner worries, is how long they have been in the wild without anyone knowing.

I don’t feel nearly as optimistic about Dropbox security as Gabe does. It feels to me that the better target for hackers now is services like iCloud, Dropbox, and SkyDrive instead of attacking OSes. Why bother attacking a physical machine running Windows or OS X, if you can instead target a service that stores the actual files for millions of physical machines?

I feel like this is just the tip of a very large iceberg surrounding cloud file storage.


Published by Ben Brooks

