Dropbox Client Research: Get Code, Emulate MiM Attack – to Protect Sensitive Data
Binary files of Dropbox Client discovered to be compiled and obfuscated Python files – not a big problem for Apriorit Research Department. Use legal Reverse Engineering when you need the 3rd-party application compatibility!
The Client and Apriorit teams were working on a DLP system. At the next stage, the solution had to protect sensitive data from being transferred to the public cloud, in particular, Dropbox.
Cloud storage becomes essential part of work – but at the same time, it is one more channel for the corporate data to “slip away”, like email or chats. So a DLP solution must not prevent employees from using such popular cloud tool as Dropbox, while being able to monitor/protect data within it.
Such “flexible” 3rd-party solution compatibility can be a hard task, as we do not want to block application functioning, but to influence it in particular manner. All the processes, formats, and protocols are closed by publisher. What a DLP solution vendor can do in this situation? Fortunately, this is one of the cases when reverse engineering can be applied absolutely legally.
Apriorit Research and Reverse Engineering Group researched Dropbox client internals, network traffic and file system interaction and provided a prototype to successfully intercept, analyze and manage all necessary Dropbox file/folder and network operations.
For more details:Reverse Engineering Case: Dropbox Client Research: Get Code, Emulate MiM Attack - to Protect Sensitive Data
(PDF, 580 KB)