
Dropbox Mac desktop client hacks OS X security to allow Dropbox full control of ...


philastokes, writing for applehelpwriter.com

If you have Dropbox installed, take a look at System Preferences > Security & Privacy > Accessibility tab (see screenshot above). Notice something? Ever wondered how it got in there? Do you think you might have put that in there yourself after Dropbox asked you for permission to control the computer?

No, I can assure you that your memory isn’t faulty. You don’t remember doing that because Dropbox never presented this dialog to you, as it should have.

There really isn’t any excuse for Dropbox to ride roughshod over users’ security and preference choices.

In May of this year, Motherboard had a story titled “Dropbox Wants More Access to Your Computer, and People Are Freaking Out”. This sounded like something that security-conscious folks should be concerned about. So I set up a reminder on my calendar to watch for a notification of this update from Dropbox. Well, as you will see, Dropbox made the update without notification to its users and by hacking OS X built-in security.

I saw this tweet in my Twitter feed on 9/9/2016

which led me to two articles philastokes wrote on applehelpwriter.com revealing what Dropbox had done. You can read both articles here:

revealing Dropbox’s dirty little security hack

discovering how Dropbox hacks your mac

Sure enough, I took a look at System Preferences > Security & Privacy > Accessibility tab and there was Dropbox checked off to allow Dropbox full control of my Mac. I know for a fact I never authorized this.

philastokes, writing for applehelpwriter.com

The upshot for me was that I learned a few things about how security and authorisation work on the mac that I didn’t know before investigating what Dropbox was up to. But most of all, I learned that I don’t trust Dropbox at all. Unnecessary privileges and backdooring are what I call untrustworthy behaviour and a clear breach of user trust. With Apple’s recent stance against the FBI and their commitment to privacy in general, I feel moving over to iCloud and dropping Dropbox is a far more sensible way to go for me. For those of you who are stuck with Dropbox but don’t want to allow it access to Accessibility features, you can thwart Dropbox’s hack by following my procedure here.

I’ve lost all faith in Dropbox. I moved all my Dropbox data over to iCloud. What will you do?

