Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

dropbox app vulnerability

N

no-clever-name

macrumors newbie
Original poster
Nov 14, 2012
2
0
I tried finding info on this but could not find any thread that mentioned it, if there is one, I apologize.

While I was playing around with iExplorer, I came to my dropbox app folder. I looked through the content of the folder and found that I can access all the files that have been accessed by my phone. Files are not encrypted at all.

There is nothing special about my setup. I have the stock iOS6 (not jailbroken). I have a 4 digit pin to access my phone, and a 4 digit pin on my dropbox app.
iExplorer bypasses both pins. I copied the folder from my phone to my desktop and was able to access images, text documents, movies etc.

Is this a known vulnerability? More importantly, is there a fix for it?

Thanks in advance for any input.
 
Intell said:
Not always. If the device is an unjailbroken A5 or newer device with a passcode, the system remains secure.
Click to expand...

It's just scary. It took 1-2 minutes to download the folder and I had all those files at my disposal. I'll try my wifes's phone and see if it's any different. (She has the 4S).

Someone can just take your phone for a couple of minutes, make you feel like you temporarily misplaced it and still have access to all those files.

Nothing that can be done, I guess. Not installing the app :p
 
If you have a passcode set on the phone it is very difficult to get access to the data. Without the phone being unlocked by entering the passcode, iOS only allows access to the device's camera roll. Nothing else. Once the connect a computer to the phone when the phone is unlocked, the computer is added to the list of devices that is allowed to access the phone's contents. Thus, if your phone is stolen the theif will not be able to use their computer to access your phone's data because their computer is not authorized with your phone. There is nothing bad or scary about this. The thing that makes it bad is that people don't know how it works and then blankly state that it's "broken". Install the Dropbox app. There isn't a thing wrong with it.
 
If you want to stay with dropbox, I would look at a 3rd party program like PGP to encrypt your files. Otherwise, dropbox does have some know vulnerabilities when it comes to hosting sensitive data like password files, etc
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back