• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog

 | 

AI for Cybersecurity: Building Trust in Your Workflows

 | 

Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

 | 

New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

 | 

Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

 | 

'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

 | 

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

 | 

Norway confirms dam intrusion by Pro-Russian hackers

 | 

Zoom patches critical Windows flaw allowing privilege escalation

 | 

Manpower data breach impacted 144,180 individuals

 | 

U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical FortiSIEM flaw under active exploitation, Fortinet warns

 | 

Charon Ransomware targets Middle East with APT attack methods

 | 

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

 | 

SAP fixed 26 flaws in August 2025 Update, including 4 Critical

 | 

August 2025 Patch Tuesday fixes a Windows Kerberos Zero-Day

 | 

Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs

 | 

Chrome sandbox escape nets security researcher $250,000 reward

 | 

Smart Buses flaws expose vehicles to tracking, control, and spying

 | 

MedusaLocker ransomware group is looking for pentesters

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Security
  • Reversing Dropbox client code raises security issues

Reversing Dropbox client code raises security issues

Pierluigi Paganini September 02, 2013

Researchers at last USENIX security symposium presented a new method and consolidated techniques for reversing Dropbox code to bypass Dropbox’s two factor authentication, hijack Dropbox accounts and intercept SSL data.

Reversing Dropbox analysis allowed researchers to crack its open cloud storage service, reverse engineering the encryption protecting the client it is possible to open it up to further security analysis.

Dropbox is a cloud based file storage service used by more than 100 million users, a security flaw could have serious repercussions.

During the last USENIX Security Symposium researchers Dhiru Kholia of Openwall and Przemyslaw Wegrzyn of CodePainters demonstrated how to use a code-injection attack to intercept SSL data and bypassing the two-factor authentication implemented for protection of Dropbox accounts. The attack allows the hijacking for Dropbox communication compromising the Dropbox security, the techniques proposed reverse engineer frozen Python applications, an approach that isn’t limited to just the Dropbox application.

“The client consists of a modified Python interpreter running obfuscated Python bytecode. However,Dropbox being a proprietary platform, no source code is available for these clients. Moreover, the API being used by the various Dropbox clients is not documented.”

Reversing Dropbox client

Company representative refused to consider reversing Dropbox a vulnerability, a spokesperson confirmed to Threatpost their position:

“In the case outlined here, the user’s computer would first need to have been compromised in such a way that it would leave the entire computer, not just the user’s Dropbox, open to attacks across the board,” the spokesman said.

In effect the Reversing Dropbox is possible only if the attacker is able to compromise the client exploiting an existing vulnerability that could  be executed remotely.

“Dropbox client has a handy feature which enables a user to login to Dropbox’s website without providing any credentials. This is done by selecting “Launch Dropbox Website” from the Dropbox tray icon. So, how exactly does the Dropbox client accomplish this? Well, two values, host_id and host_int are involved in this process. In fact, knowing host_id and host_int values that are being used by a Dropbox client is enough to access all data from that particular Dropbox account. host_id can be extracted from the encrypted SQLite database or from the target’s memory using various code injection techniques. host_int can be sniffed from Dropbox LAN sync protocol traffic. While this protocol can be disabled, it is turned on by default. We have written an Ettercap plugin [8] to sniff the host_int value remotely on a LAN. It is also possible to extract this value from the target machine’s memory“

Another concerning discovery made by the researchers is that the two-factor authentication available to access Dropbox folder on the Web isn’t supported by the client software, the client can be accessed with a value known as host_ID which could be obtained by an attacker.

Researcher Kholia confirmed that their discovery is arrived as a side-effect of the research mainly focused on Reversing Dropbox, anyway the study raises serious question on the security of the popular web storage.

“We believe that our biggest contribution is to open up the Dropbox platform to further security analysis and research,” “Dropbox will/should no longer be a black box.” said the expert Kholia.

Research on reversing Dropbox is not new but almost related to previous versions of the cloud storage, the researchers started from the analysis of API used by Dropbox client and they were able to decompile the Dropbox client source code and analyze it, in particular they were also able to use Reflective DLL injection and LD_PRELOAD on Windows and Linux to intercept SSL traffic.

“Once we are able to execute arbitrary code in Dropbox client context, we patch all SSL objects and are able to snoop on the data before it has been encrypted (on sending side) and after it has been decrypted (on receiving side),”“This is how we intercept SSL data. We have successfully used the same technique on multiple commercial Python applications.”  the paper said. 

Despite the results for reversing Dropbox the researcher confirmed their good opinion of the overall security level offered to the users.

“Overall, Dropbox is just fine,” “There is nothing to worry about. We are still using and loving it.” Kholia said.

Pierluigi Paganini

(Security Affairs – Hacking, Reversing Dropbox)


facebook linkedin twitter

cloud storage encryption Hacking Reversing Dropbox security two-factor authentication USENIX

you might also like

Pierluigi Paganini August 19, 2025
U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog
Read more
Pierluigi Paganini August 18, 2025
AI for Cybersecurity: Building Trust in Your Workflows
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog

    Hacking / August 19, 2025

    AI for Cybersecurity: Building Trust in Your Workflows

    Security / August 18, 2025

    Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

    APT / August 16, 2025

    New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

    Malware / August 15, 2025

    Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

    Security / August 15, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT