I’m sure everyone has used Dropbox to upload important documents, and priceless photos that they would like to have access to anywhere, forever, right? Dropbox is a free, cloud based storage service that allows users to upload documents, photos, and videos using a computer, and share them using a tablet or mobile device. This file hosting service is used by over 175,000 people around the world including in some businesses. But what if I told you that your private files can be hacked?
About a year ago, Dropbox was hacked, which prompted the company to add extra security protection such as encryption and “two factor authentication” which were put in place as enhancements. Well, it seems as if that extra security protection that was added, wasn't as great as Dropbox thought it was.
Two security researchers named Przemyslaw Wegrzyn and Dhiru Kholia were able to zoom past Dropbox’s security features, access users files, then published a paper on how it was possible! Crazy right? First thing first, the researchers disabled the two protections that were put in place, then tried “reverse engineering” which allowed them to look at the programming code that Dropbox uses. Although the researchers shouldn't have been able to view the programming code, they were successful. The whole idea was to protect Dropbox and share with the company on how to be more secure.
Since the published paper, in April of 2014, Dropbox has tightened security and added multiple updates to “Dropbox for Business”, which will target businesses and IT professionals who will administer the service. But is it enough?
This case is just another way to remind you that internet safety and security is very important. Be careful when using sensitive information on the web, and on different web applications. You will never know when your information may become compromised.
Dropbox is still the leader in cloud based storage service.
To read the published article "Looking inside the (Drop) box", click here.
References:
The researchers who looked inside the Dropbox made an excellent statement which is a vital aspect in the current age of online security. They only wanted to prove a point: Blocking access to underlying code doesn't necessarily stop hacks. All it does is impede well-meaning developers from vetting it properly.
ReplyDeleteAs a Dropbox user myself, it can be very unsettling to know that a hacker could potentially do what Kholia and Wegrzyn did and have access to my files online. With that said, I don't think their "research" will stop people from using cloud based storage services like Dropbox. Rather, it should hopefully make people think more carefully about the information they choose to put out there. Very good post!
ReplyDeleteI agree with you both. A point was proven, and at the end of the day, hackers will hack. It is entirely up to the users to protect themselves when using web sites and applications. Thank you for your comments!
ReplyDeleteAs Courney said, it's up to the user to determine what information/files they will choose to upload to dropbox. The user should always understand that in a worst-case scenario their files could be accessed - either by a hacker, a drop box employee, or possibly the NSA. For sensitive information (such as tax documents, etc) nothing really beats an external hard-drive stored in separate location (such as a safety deposit box).
ReplyDeleteGood article! You reminded me importance of security in Cloud-based storage like Dropbox!
ReplyDeleteI may be out of the topic here. I am personally using both Dropbox and Google Drive because I still cannot decide which one of them is better. Talking about syncing quality, I found that Drive has some issues. When I was trying to upload many files in a small period of time, I got an error and couldn't fix it unless I deleted the files and re-uploaded them. On the other hand, I've found no problem using Dropbox. However in terms of security, I am on Google side.
Kornchai, Drive does seem to take a painfully long time when uploading a good amount of data. I use drive frequently when I am switching between computers and OS's. I have hardly used dropbox before this year, and it does not surprise me that security has become an issue. Dropbox seemed to grow overnight, and with that much gain in popularity in such a short time, development could not keep up.
ReplyDeleteThank you Ryan and Kornchai for your feedback!
ReplyDeleteRyan, I agree with your statement. It is CRAZY that so many people think that it is ok to upload private information, when they have no clue who has access to their files 24/7. External hard drives are amazing & I definitely feel safer uploading private information somewhere knowing that I only have access to.
Kornchai, I've had issues with Google Drive as well, and I decided to not use it much. BUT as you stated, Google is more secure, and reliable than Dropbox! Google Drive definitely needs to improve.
I agree with all of you. Recently there was a big news about heartbleed bug and unfortunately dropbox is also affected by it. Even I used to upload my stuffs in dropbox frequently but after reading this, I am gonna filter before I upload my stuffs. But nowadays lots of companies are also using dropbox and I am not sure whether they got extra security or not?
ReplyDeleteThe hackers will always be ahead of security. The only thing public services like Dropbox can do is patch their systems as quickly as the vulnerabilities become known and inform their users of their efforts to protect them.
ReplyDeleteYikes!
ReplyDeleteI agree with Todd's comments about Dropbox's response to the unveiling of the security breach. The best thing they can do is inform their users and try to fix the problem.