Researchers Reverse Engineer and Hack Dropbox, 'Heavily Obfuscated Python App'
Another day, another thing-that-is-hacked. This time it was popular cloud storage service Dropbox, but fortunately, the hackers were security researchers. Two of them, actually, named Dhiru Kholia and Przemyslaw Wegrzyn, who found a way to reverse engineer Dropbox, which the SD Times calls a heavily obfuscated Python application.
The pair were then able to intercept SSL traffic from Dropbox’s servers and bypass its two-factor authentication. They worked up a research paper to describe their techniques. “We show how to unpack, decrypt and decompile Dropbox from scratch and in full detail,” they wrote. “This paper presents new and generic techniques to reverse-engineer frozen Python applications. Once you have the de-compiled source code, it is possible to study how Dropbox works in detail.”
To Dropbox’s credit, Kholia and Wegrzyn noted that Dropbox has acted quickly to plug holes and reinforce its security, making the service as safe as it can be. Still, it’s a constant battle between cybercriminals and security pros, and at best the good guys are typically only a step ahead (or behind, as it were) the bad guys.
The pair were then able to intercept SSL traffic from Dropbox’s servers and bypass its two-factor authentication. They worked up a research paper to describe their techniques. “We show how to unpack, decrypt and decompile Dropbox from scratch and in full detail,” they wrote. “This paper presents new and generic techniques to reverse-engineer frozen Python applications. Once you have the de-compiled source code, it is possible to study how Dropbox works in detail.”
To Dropbox’s credit, Kholia and Wegrzyn noted that Dropbox has acted quickly to plug holes and reinforce its security, making the service as safe as it can be. Still, it’s a constant battle between cybercriminals and security pros, and at best the good guys are typically only a step ahead (or behind, as it were) the bad guys.
