Researchers Reverse Engineer and Hack Dropbox, 'Heavily Obfuscated Python App'
The pair were then able to intercept SSL traffic from Dropbox’s servers and bypass its two-factor authentication. They worked up a research paper to describe their techniques. “We show how to unpack, decrypt and decompile Dropbox from scratch and in full detail,” they wrote. “This paper presents new and generic techniques to reverse-engineer frozen Python applications. Once you have the de-compiled source code, it is possible to study how Dropbox works in detail.”
To Dropbox’s credit, Kholia and Wegrzyn noted that Dropbox has acted quickly to plug holes and reinforce its security, making the service as safe as it can be. Still, it’s a constant battle between cybercriminals and security pros, and at best the good guys are typically only a step ahead of (or behind, as it were) the bad guys.