A security test showed that files uploaded to Dropbox are opened and read by Dropbox which causes some concerns for the popular cloud storage service.
Dropbox is a very popular cloud storage service which is used both as a backup storage service but also to synchronize files and data over multiple computers or devices. As with any cloud storage, security is always a concern for sensitive documents. Recently, WNC Infosec has conducted a security test on Dropbox, based on the technology provided by Honeydocs, which showed that files uploaded to Dropbox are opened and viewed by Dropbox which raises some security concerns.
Honeydocs is a technology and a service that allows users to tag files and documents that will alert the users if the files are opened either through e-mail or an SMS text message. Using Honeydocs, WNS Infosec tagged their files and allowed them to be synchronized to Dropbox. The results show that consistently within 10 minutes, the documents would be opened and read by some entity of Dropbox.
Currently, the test results show that Word documents are opened by someone using Libreoffice. The security firm published the findings and has given Dropbox a chance to explain their intentions. Dropbox claims that documents are opened by them in order to generate previews, and currently this encompasses Word, PowerPoint and PDF files. While the explanation may make sense, it would definitely be interesting to see if Google Drive would result in similar results as the service too is able to generate previews.
Regardless, the security test by WNC Infosec once again highlights the importance of security considerations when dealing with cloud-based storage. In essence, by using a cloud, the users are giving up their control over the uploaded files and security aware users or users with enhanced security needs should consider to encrypt all files that are synchronized to Dropbox.
No comments:
Post a Comment