Too Good to be True: Dropbox’s Little Security Problem

Yeah, I have to admit that I love Dropbox. It may be the second most useful app I have on my iPad (the most useful is iAnnotate, which I’ll discuss at another time). It’s freaking great! Files transfer seamlessly (or as seamlessly as your internet connection allows). I can make changes on my computer at home, upload those changes to Dropbox, make additional changes on my iPad, then use Dropbox to transfer that version to my work computer. What’s not to love?

Oh, right. Dropbox is, apparently, a gigantic, gaping hole in your company’s firewall and information security system.

We all know that companies ban employees from using certain websites while at work. It’s not always helpful for business productivity for employees to always be on Facebook during the day, and while there would probably be a second revolution, it wouldn’t be hard to understand why companies would want to block sports or betting sites during the NCAA Men’s Basketball Tournament.

Companies are wising up to the use of apps too, a problem that is becoming more prevalent in the growing world of “BYOD” (Bring Your Own Device). A list of the Top 10 Most Banned Apps (for iOS and Android) was published earlier this month, and it contained plenty of the usual suspects: Angry Birds had a place on both lists, as did Facebook and Netflix. However, I was quite surprised to find Dropbox on both lists. Ok, actually, let me modify that: I was quite surprised to find Dropbox WAS THE #1 MOST BANNED APP ON BOTH LISTS.

I figured, well, banning Dropbox circumvents the ability of people to bring personal stuff into the office, and also probably prevents too many people from bringing office stuff home without being monitored. Preventing employee theft seems like a good idea to me, so I continued reading. Turns out preventing employees from using Dropbox was only a small part of the story. The rest? We’ll call it “Dropbox’s Little Security Problem.”

What is Dropbox’s Little Security Problem, you ask? Check this out:

Jacob Williams is what’s known as a Pen Tester (he is hired by companies to test their internet security… basically a 2013 version of Robert Redford’s character in Sneakers). He was hired by a company to test its security by attempting to hack into their system. He was COMPLETELY stymied. They had him blocked out entirely…

Until he found out that a company VP had Dropbox on his home computer. Using a small program, he infiltrated the company’s ENTIRE SYSTEM within days. This formerly impregnable, hacker-proof system was undone simply because the VP used Dropbox at home. (In case you’re wondering, the worst thing about Dropbox is what you love about it most: the synchronization feature – synchronization opens up all systems involved to easy access from malware and other bad stuff.) Also, if you’re a nerd like me, you’ll enjoy the part of the article that describes how he did it. Soooo… it turns out that Dropbox’s Little Security Problem may not be so little after all.

Although Dropbox has attempted to make some improvements, they cannot fix the glaring weakness without taking away what users love the most about it. They do offer a more secure version at the highest level, but the reality for any business attempting to maintain data security is that Dropbox on any computer connected to the network, regardless of what it’s used for and by whom, is likely a threat to your data security.

I don’t care what none of y’all say, I still love her.

For those not scared away, check out reviews of Dropbox and other Data Storage services here.