Dropbox is a widely used cloud-based storage platform that is now the target of security researcher scrutiny, as user data privacy is being called into question. A pair of researchers at the USENIX security conference in August released a white paper in which they describe methods for attacking Dropbox and obtaining user data. While the merit of the actual research is debatable, it raises questions about what enterprises should be doing to protect the integrity and security of data in the cloud.
While Dropbox is aware of the research, it isn't treating it as a security risk that demands immediate attention. A Dropbox spokesperson noted in an email to eWEEK that Dropbox appreciates the contributions of security researchers and everyone who helps keep Dropbox safe. That said, Dropbox does not currently hold the view that the research presented at the USENIX conference presents a vulnerability in the Dropbox client.
Steven Sprague, CEO of Wave Systems, told eWEEK that in his view, the fundamental problem is that Dropbox can read all of the files, for all of the customers.
"The fact that they are stored encrypted is of no value if the keys are owned by Dropbox," Sprague said.