Of all the Internet-based services on offer, Dropbox is the most famous and most used. Being much more than just a file hosting service, it has been able to grow and keep up with the competition.
But Dropbox is as vulnerable as any other service, and this time it was the victim. Its SDK for Android had a serious security flaw that could be exploited by anyone.
The security issue affecting Dropbox was not directly connected to its Android application but to the SDK that developers can use to connect their applications to the service.
It was discovered and reported to Dropbox by IBM's X-Force Application Security Research team, who named it DroppedIn. Dropbox's response was immediate: it acknowledged the problem in less than 6 minutes, confirmed its existence in just 24 hours and presented a solution in four days.
The SDK in question allowed applications that used it to be linked to a Dropbox account controlled by a malicious user, which is a serious failure of the access control mechanism.
The affected SDK versions are 1.5.4 and earlier. The problem is confined to the SDK and does not affect the Dropbox application itself.
To exploit this vulnerability in the Dropbox SDK, an attacker needs to resort to one of two possible methods: the first is to install an application on the Android device; the alternative is a remote process in which the attacker guides the user in order to force the attack.
Although the problem has been corrected in newer versions of the SDK, many applications still use the affected SDK versions.
It is therefore up to developers to solve this problem. By updating their applications to the new SDK and releasing new versions of them, they guarantee the safety of their users.
On the other hand, there is a simple way for users to protect themselves: install the Dropbox application for Android and use it whenever they want to access their files in this service.
The speed with which Dropbox addressed this problem shows the importance it attaches to the safety and protection of user data.