Dropbox Fixed Security Flaw In Its Android SDK

Dropbox Fixed Security Flaw In Its Android SDK

The popular cloud storage service Dropbox have announced today that it has fixed a security flaw in its Android SDK that could allow the attackers to capture new data a user saved to Dropbox. For users to be affected by this vulnerability, they would've needed to:
  • Use an affected app on an Android device.
  • Not have the Dropbox for Android app installed, and
  • Visit a specially-crafted malicious page with their Android web browser targeting that app, or have a malicious app installed on their phone.
The security flaw was discovered by security researchers at IBM -- Roee Hay and Or Peles 

ATTACK SCENARIO

First, the attacker links their Dropbox account to a vulnerable third-party app on the affected user's device. Then the attacker captures new data the victim saved to Dropbox via the vulnerable app.

Dropbox pointed out, "Every app works differently, so many apps using the affected SDKs weren’t vulnerable at all or required additional factors to exploit. This vulnerability couldn’t give attackers access to any existing files in a user’s account, and users with the Dropbox app installed on their devices were never vulnerable. There are no reports or evidence to indicate the vulnerability was ever used to access user data."

The android developers using Dropbox's Core API or Sync/Datastore SDKs are advised to update the app to use the latest versions.

1 comment :

  1. Most important factor to be considered while choosing the public cloud provider is the security and virtual data rooms are solely dedicated to provide the maximum security.
    iDeals virtual data room

    ReplyDelete

Powered by Blogger.