Is Dropbox Opening Users' Documents?

Source: WNC InfoSec

Update: WNC InfoSec

Dropbox…opening my docs?

I had the opportunity recently to beta-test HoneyDocs, a web app that generates documents that can ‘buzz home.’ This is done by a unique, embedded GET request that is initiated when the generated document has been opened.

Several use cases came to mind, but I was most interested in seeing if my cloud storage services were manipulating my files in a way that I may not have been aware of.

My experience:

Uploaded Documents to Dropbox Personal Account with Private Folders (not shared)

  • Uploaded “passwords” documents generated by HoneyDocs.
  • These were uploaded with both the client application as well as the web interface.

What’s this? A ‘Buzz’ from the recently uploaded documents?

  • The first successful ‘buzz’ took approximately 10 minutes.
  • I attempted to re-create this by deleting the files in question and re-uploading the same HoneyDocs files, but was unable to get further ‘buzz backs’ with the same files.
  • The IP appears to be an Amazon EC2 instance in Seattle.

So now I’m curious…are the files being accessed for de-duplication purposes or possibly malware scanning?  If so, then why are the other file types not being opened?  It appears that only .doc files are being opened…

I then uploaded more HoneyDocs files to my Dropbox folder, this time from a different computer and ISP to rule out any of those variables.

All .doc embedded HoneyDocs appear to have been accessed…from different Amazon EC2 instance IPs.

Further digging into the HoneyDocs data reveals a suspicious User Agent, LibreOffice.  Now I’m curious if this is still an automated process or one that involves human interaction?

All in all, I made 3 attempts to upload embedded documents and all appeared to be opened from different Amazon instances. This could have something to do with how Dropbox’s storage architecture is configured while utilizing Amazon S3 buckets.

Regardless, the .doc files seemed to have been opened for some reason.  I’d like to know why…

If you are curious, I encourage you to test it out on your own! You can sign up for a free HoneyDocs account here.

Is Dropbox Opening Users' Documents?

Above I have re-posted an article about Dropbox opening users' documents. A Dropbox customer uploaded a file with some buzz words; the author goes into more detail about that in the article. In the end he gets the IPs of unknown users accessing his files, and only the Dropbox staff would have access to those files. Dropbox has made no statements so far, but this really brings up a vital question: is Dropbox a reliable and secure cloud storage company? Can we trust them with our files and our privacy? Here are some Dropbox alternatives.

UPDATE: As it turns out, Dropbox views/opens certain file types in order to convert them to a compatible format so they are easily accessible via web browser for its users.
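As an added example (not code from the original article, from HoneyDocs or from Dropbox), the sketch below triages callback hits like the ones described above: it maps each hit to the uploaded file, measures the delay since upload, and flags user agents that look like a server-side converter rather than a person's desktop application. The `/t/<token>.gif` URL scheme, the token values, the log lines and the converter hint list are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed registry: token -> (file name, upload time in UTC). Not HoneyDocs data.
TOKENS = {
    "a1f3": ("passwords.doc", "2024-01-01T14:00:00+00:00"),
    "b7c9": ("passwords.pdf", "2024-01-01T14:00:00+00:00"),
    "c2d8": ("passwords2.doc", "2024-01-01T16:30:00+00:00"),
}

# Constructed access-log lines for the callback host; IPs are documentation ranges.
LOG = """\
203.0.113.10 - - [01/Jan/2024:14:10:05 +0000] "GET /t/a1f3.gif HTTP/1.1" 200 43 "-" "LibreOffice"
198.51.100.7 - - [01/Jan/2024:16:41:12 +0000] "GET /t/c2d8.gif HTTP/1.1" 200 43 "-" "LibreOffice"
192.0.2.44 - - [01/Jan/2024:17:02:00 +0000] "GET /t/zzzz.gif HTTP/1.1" 404 0 "-" "curl/8.0"
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET /t/(?P<tok>\w+)\.gif [^"]*" '
    r'\d+ \d+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Assumption: these user-agent substrings indicate a headless document converter.
CONVERTER_HINTS = ("libreoffice", "openoffice", "unoconv")


def analyse(log, tokens):
    """Group callback hits by file: source IP, user agent, minutes since upload."""
    hits = defaultdict(list)
    for line in log.splitlines():
        m = LINE.match(line)
        if not m or m["tok"] not in tokens:
            continue  # malformed line, or a token we never issued
        name, uploaded = tokens[m["tok"]]
        seen = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        delay = (seen - datetime.fromisoformat(uploaded)).total_seconds() / 60
        hits[name].append({
            "ip": m["ip"], "ua": m["ua"], "delay_min": round(delay, 1),
            "converter": any(h in m["ua"].lower() for h in CONVERTER_HINTS),
        })
    return dict(hits)


def unopened(hits, tokens):
    """Files whose token never called back (the non-.doc files in the article)."""
    return sorted(name for name, _ in tokens.values() if name not in hits)
```

A hit that arrives minutes after upload, from a cloud-hosted address, with a converter-style user agent is consistent with automated preview generation; a hit with a desktop Office user agent or a long delay is the one worth investigating.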

About Author

Brandon Stosh is the founder and CEO of www.freedomhacker.net. Stosh is a cyber security researcher and professional consultant who strives to provide reliable news on cyber-security based topics.

3 Comments

    • This is from the follow-up on http://www.wncinfosec.com : “As it turns out, Dropbox views/opens certain file types in order to convert them to a compatible format so they are easily accessible via web browser for its users. This makes sense and is common practice for many cloud storage services to provide the convenience of browser access while not needing any additional software to open these documents.”
      I guess it's not too scary then?

      • Thanks for this info, I have updated the article. But SpiderOak’s zero tolerance policy still makes me feel more secure.
