dropbox app vulnerability

Discussion in 'iPhone Tips, Help and Troubleshooting' started by no-clever-name, Nov 14, 2012.

  1. no-clever-name macrumors newbie

    Joined:
    Nov 14, 2012
    #1
    I tried finding info on this but could not find any thread that mentioned it, if there is one, I apologize.

    While I was playing around with iExplorer, I came to my dropbox app folder. I looked through the content of the folder and found that I can access all the files that have been accessed by my phone. Files are not encrypted at all.

    There is nothing special about my setup. I have the stock iOS6 (not jailbroken). I have a 4 digit pin to access my phone, and a 4 digit pin on my dropbox app.
    iExplorer bypasses both pins. I copied the folder from my phone to my desktop and was able to access images, text documents, movies etc.

    Is this a known vulnerability? More importantly, is there a fix for it?

    Thanks in advance for any input.
     
  2. Menel macrumors 603

    Menel

    Joined:
    Aug 4, 2011
    Location:
    ATL
  3. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #3
    Not always. If the device is an unjailbroken A5 or newer device with a passcode, the system remains secure.
     
  4. no-clever-name thread starter macrumors newbie

    Joined:
    Nov 14, 2012
    #4
    It's just scary. It took 1-2 minutes to download the folder and I had all those files at my disposal. I'll try my wifes's phone and see if it's any different. (She has the 4S).

    Someone can just take your phone for a couple of minutes, make you feel like you temporarily misplaced it and still have access to all those files.

    Nothing that can be done, I guess. Not installing the app :p
     
  5. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #5
    If you have a passcode set on the phone it is very difficult to get access to the data. Without the phone being unlocked by entering the passcode, iOS only allows access to the device's camera roll. Nothing else. Once the connect a computer to the phone when the phone is unlocked, the computer is added to the list of devices that is allowed to access the phone's contents. Thus, if your phone is stolen the theif will not be able to use their computer to access your phone's data because their computer is not authorized with your phone. There is nothing bad or scary about this. The thing that makes it bad is that people don't know how it works and then blankly state that it's "broken". Install the Dropbox app. There isn't a thing wrong with it.
     
  6. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #6
    That won't reset the authorized computer list on the iPhone. Only be reinstalling iOS and setting it up as a new device will.
     
  7. greenchiliman macrumors 6502

    Joined:
    Jul 29, 2010
    Location:
    Chicago
    #7
    If you want to stay with dropbox, I would look at a 3rd party program like PGP to encrypt your files. Otherwise, dropbox does have some know vulnerabilities when it comes to hosting sensitive data like password files, etc
     

Share This Page