Tuesday, August 27, 2013

Researchers Reverse-Engineer the Dropbox Client

Michael Kassner:

In their paper Looking inside the (Drop) box, Dhiru and Przemyslaw get right to the point:

“We describe a method to bypass Dropbox’s two-factor authentication and hijack Dropbox accounts. Additionally, generic techniques to intercept SSL data using code injection techniques and monkey patching are presented.”

Dhiru and Przemyslaw accomplished this by reverse engineering the Dropbox client. That may not seem like much, as reverse engineering is a common practice. What made their effort unique was figuring out how to reverse engineer the client even though it was an obfuscated application written in Python.
