Talking tech since 2003

Security researchers, Florian Ledoux and Nicolas Ruff from the IT department at EADS, set out to find out just how secure, cloud storage service, Dropbox actually is. They recently presented their findings at the Hack.LU security conference. The two explained the sophistication used by Dropbox’s developers to encrypt the desktop client, showed how the client protects its configuration, and also demonstrated how data is exchanged.

The researchers say that they found no major vulnerabilities in the software. “Dropbox is now quite secure,” said Nicolas Ruff. However, the researchers did uncover one minor security problem: the client doesn’t check one particular certificate when communicating with other Dropbox clients on a local network. This potentially enables attackers to block the client of other network users, for example.

Additionally, according to the researchers, the vulnerability can also be exploited for surveillance purposes: companies could, for instance, monitor whether confidential company documents leave the building over Dropbox (data leakage prevention). With that being said, the security experts informed Dropbox of their discovery before giving the presentation, so the vulnerability could actually already be patched in the current version of the client.

You can view their presentation here.


Comments

Sign in or become a BestTechie member to join the conversation.
Just enter your email below to get a log in link.

Subscribe to BestTechie Plus

You've successfully subscribed to BestTechie
Welcome back! You've successfully signed in.
Great! You've successfully signed up.
Your link has expired
Success! Your account is fully activated, you now have access to all content.