Researchers Dhiru Kholia and Przemyslaw Wegrzyn have discovered a method to reverse-engineer Dropbox, which may open the door for open-source clients, but also gives attackers a way to intercept encrypted content and bypass the file sharing service’s two-factor authentication. The discovery has broader implications for the Internet, as the same methods could be used against any proprietary app built using the Python language. A Dropbox spokesperson said that while they “appreciate the contributions of these researchers,” the discovery “does not present a vulnerability in the Dropbox client.” Dropbox argues that the exploit will not work unless the user’s computer is already compromised.
Subscribe today so you don’t miss any TidBITS articles!
Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For 29 years, we’ve published professional, member-supported tech journalism that makes you smarter.
Registration confirmation will be emailed to you.