Developers Hacked Dropbox, Bypassed Two-Factor Authentication

Two developers allegedly hacked cloud storage provider Dropbox, bypassing the two-factor authentication and intercepting SSL data from the company’s servers, according to a paper published at USENIX 2013. Dhiru Kholia, from the Openwall open source project, and Przemyslaw Wegrzyn, from consulting agency CodePainters, managed to hack the cloud storage provider through reverse-engineering.

“Before trusting our data to Dropbox, it would be wise (in our opinion) to know more about the internals of Dropbox,” the researchers said. “Questions about the security of the uploading process, two-factor authentication and data encryption are some of the most obvious.”

The paper revealed the storage system’s internal API and made it “straightforward” to write a portable open-source Dropbox client, according to the developers. It also showed how to bypass two-factor authentication and gain access to user data.

Dropbox denied the research discovered vulnerabilities on its servers. “We appreciate the contributions of these researchers and everyone who helps keep Dropbox safe,” the company’s representatives told Computerworld.

“In the case outlined here, the user’s computer would first need to have been compromised in such a way that it would leave the entire computer, not just the user’s Dropbox, open to attacks across the board.”

The techniques the developers used to reverse engineer frozen Python applications are not limited to Dropbox. The researchers said the techniques are generic enough to help in future software development, testing and research.

In August last year, hundreds of users were spammed after their Dropbox accounts were hacked. The company introduced two-factor authentication, automated mechanisms to monitor suspicious activity, and an activity report page where users can view all logins.

The file storage system claims more than 100 million users who upload over a billion files a day.

About the author


Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who's always on to a cybertrendy story. She's the industry news guru, who'll always keep a close eye on the AV movers and shakers and report their deeds from a fresh new perspective. Proud mother of one, she covers parental control topics, with a view to valiantly cutting a safe path for children through the Internet thicket. She likes to let words and facts speak for themselves.
