We're Hiring!
Take the next step in your career and work on diverse technology projects with cross-functional teams.
LEARN MORE
Mountain West Farm Bureau Insurance
office workers empowered by business technology solutions
BLOG
9
10
2013
3.1.2023

Dropbox Cloud Hacked: How Safe is SSL?

Last updated:
9.16.2020
3.1.2023
No items found.

At the end of August, news broke that two hackers had broken the two-factor security deployed by Dropbox, a cloud storage platform used by millions of people across the globe. The hackers published their methods in order to promote an open-source version of the program that could, they claimed, be safer for users overall. The hack puts cloud providers and users on edge: how safe is SSL?

Dropbox is quoted at Computerworld as saying the method used would actually require a compromised user computer first, using additional hacks. The two programmers, however, stated that they were able to access the Dropbox API itself, tools that the company keeps locked down.

The hackers used code-injection and monkey patching to gain access to user data despite SSL security layers. Monkey patching and code-injection are similar strategies that can be used maliciously to add code at runtime. When users run a program, the additional code sent from the attacking computer is executed or added to the program, allowing root access or modifying the behavior of a program without access to the original source code. These changes can be made in memory instead of on a hard disk or even sent over a network.

Dropbox may wave off the hackers by saying they would require access to user boxes, but that isn't impossible. User machines can be compromised, especially with the rise of BYOD and shadow IT in companies large and small.

There are security methods that can stave off code-injection type attacks, including randomized cyphers in place before the execution of key program functions. In the end, hackers are a real threat to remotely stored data that must be considered on a daily basis. It is only through a combination of security hardening, SSL, and constant audits and/or cloud security monitoring that hacking attempts can be discovered and thwarted.

When a giant like Dropbox is hacked, it puts all cloud providers on their toes. End-user training including anti-malware tools is a necessity, and IT departments must remain vigilant as well. With monitoring from cloud service providers added to these precautions, sensitive company data can be safely stored in the cloud.

Posted By: Joe Kozlowicz

Recent Blog Posts

lunavi logo alternate white and yellow
5.23.2023
04
.
26
.
2023
Using Azure AI and Logic Apps to Reverse Engineer SMS Search Engines

There used to be entire companies providing SMS answering services. In 2006, one such company was valued at $6 million. Come along as we build the same system in Azure, almost for free, in 2 hours or less!

Learn more
lunavi logo alternate white and yellow
5.23.2023
04
.
12
.
2023
Security Technologies in Microsoft Azure AD: An Overview

Microsoft Azure AD offers a wide range of security technologies that help organizations protect their data and applications against various cyber threats. Learn how to leverage these advanced security technologies in your Azure environment.

Learn more
lunavi logo alternate white and yellow
4.3.2023
03
.
24
.
2023
Getting Started with Azure OpenAI

It's no secret that Microsoft is making waves in AI technology with significant investments in OpenAI, one of the world's leading Artificial Intelligence companies. Everyone is curious about AI abilities, but how can you use AI in your Azure space? One of Lunavi's lead developers will take you through the journey of implementing AI platforms like ChatGPT into your Azure environment.

Learn more