I’ve opined on the security of cloud solutions in the past, usually stating that the odds were good that established cloud vendors have better security than the average data center. Yesterday, I saw and shared an article about how researchers reverse engineered the Dropbox client. While this isn’t necessarily a critical issue for Dropbox, it does raise some interesting discussion points around security through obfuscation.
First, the Research
The researchers decompiled the Dropbox client, which had been compiled in a manner that made decompiling difficult. Once they were able to do it, they hijacked the account. Because a program would already need full access to a person’s machine to accomplish this, there wouldn’t be any new data to access through the client.