
Dropbox Android Flaw Could Let Hackers Steal Corporate Files

  • March 11, 2015
  • 1 reply
  • 155 views

Jasper_The_Rasper
Moderator
Phil Muncaster, 11th March 2015
Mobile Dropbox users have been urged to update their version of the app and any others it might be linked to, after researchers discovered a flaw which could allow attackers to steal sensitive corporate data.
 
The IBM X-Force Application Security Research Team claimed the flaw affects Dropbox SDK versions 1.5.4 to 1.6.1 and can be exploited locally using malware as well as remotely using drive-by techniques. 
 
It effectively allows an attacker to execute malware during a Dropbox log-in and obtain the “nonce” – a random number used to help authenticate the user.
 
The hacker can then download to their own Dropbox account sensitive files from any vulnerable apps linked via SDK to the user’s compromised Dropbox account. There’s also the option of uploading files into the user’s compromised apps via Dropbox, IBM said.
 

1 reply

By Ian Barker
 
A flaw in the Dropbox SDK for Android could potentially put large numbers of MS Office files stored in the cloud at risk.
IBM's X-Force Application Security Research team has discovered a severe vulnerability in Dropbox's software development kit (SDK) used by Android app developers to connect to Dropbox so users can tap into their files via an app.
The biggest app that uses the Dropbox SDK is Microsoft Office Mobile, which is reckoned to host over 35 billion files on Dropbox for users. Microsoft Office Mobile, which likely holds sensitive information, has been downloaded more than 10 million times. Additionally, password manager AgileBits 1Password (100,000 downloads) plus several productivity and photo editing and sharing tools use the same SDK.
 
