Security researchers say Dropbox can be hacked

[Scubie67]

Two security experts presented their work in which they have detailed the method to intercept SSL communications service. They said they had been able to proceed decompiling and deciphering source code of Dropbox.

Dhiru Kholia and Przemyslaw Wegrzyn, two security experts reveal a note (.pdf) in which they indicate the manner in which they were able to bypass the security measures of the storage tool and file sharing in the cloud called Dropbox. And they explain that they could intercept data from the servers of the service.

Student in the executable application, said they had decompiled source code of Dropbox to study the contours. After this, they were able to intercept SSL communications from the Dropbox servers and add a bypass of two-factor authentication that may be possible.

"We have described a method to bypass the security on two-factor authentication of Dopbox accounts. But it is actually relatively generic techniques to intercept data via code injection methods" specify Dhiru Kholia and Przemyslaw Wegrzyn.

In their announcement, hackers hope that the data storage service in the future will be more open to certain risks and safety practices known as reverse engineering.

[Damiano]

They were able to decode the application executable, which actually includes a set of files written in Python, launched by an embedded interpreter. They then deciphered the code, which was defaced by obfuscation techniques source. Once this is done, they discovered how to intercept SSL communications from the Dropbox servers, how to bypass two-factor authentication used and how to develop an open source client alternative to the one provided by the company. The techniques used are described in a publication that was presented in the context of Woot'13 Usenix Conference.