Dropbox Reverse-Engineered, Other Python Apps at Risk
Researchers Dhiru Kholia and Przemyslaw Wegrzyn have discovered a method to reverse-engineer Dropbox, which may open the door for open-source clients, but also gives attackers a way to intercept encrypted content and bypass the file sharing service’s two-factor authentication. The discovery has broader implications for the Internet, as the same methods could be used against any proprietary app built using the Python language. A Dropbox spokesperson said that while they “appreciate the contributions of these researchers,” the discovery “does not present a vulnerability in the Dropbox client.” Dropbox argues that the exploit will not work unless the user’s computer is already compromised.