Two Hackers Say They Have Broken Dropbox Security

Two computer security specialists have presented work in which they detail a method to intercept SSL communications. They point at the same time being able to break the security of Dropbox decompiling and deciphering its source code.

Dhiru Kholia and Przemyslaw Wegrzyn, unveiled a pdf document in which they indicate the manner in which they were able to bypass security measures Dropbox storage service and sharing files in the cloud. They explain how they were able to intercept data from its servers.

We have described a method to bypass the security on two-factor authentication accounts Dropbox. But it is actually relatively generic techniques to intercept data via code injection methods.

Specified Dhiru Kholia and Przemyslaw Wegrzyn.

Studying the executable of the app, hackers said they had decompiled its source code, and after this, they were able to intercept SSL communications from the Dropbox servers and add a bypass of two-factor authentication may be possible, even if it means creating a new customer.

This news that probably not delight Dropbox account holders, as this flaw uses a method of reverse engineering, which as in this case literally dismantle a system to analyse the systems that it is made of. We hope that the service administrators react fast enough to prevent a possible attack.