Cloud storage thievery possible without the password
nadnerB last edited by
The research paper details a new technique called MITC (Man in the Cloud), which allows attackers to intrude into popular cloud storage services like Box, Dropbox, Google Drive, and OneDrive.
MITC attacks don't rely on vulnerabilities in the syncing applications themselves, nor on security holes in the cloud storage server, but act on a design flaw.
Because of the way these services were built, not requiring a password every time a file is synced, a token is used instead to authorize these operations without constantly hampering the user.
The article also mentions that this could be a delivery method for malware, etc.
Also being discussed here: http://community.spiceworks.com/topic/1108794-attackers-can-access-dropbox-gdrive-onedrive-accounts-without-user-s-password
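An added example, not part of the original post or the research paper: because the sync token stands in for the password, one way a defender can look for misuse is to flag a token that appears on a device other than the one it was first seen on. The log format, field names and the one-token-per-device assumption are hypothetical, and the sample records are constructed.

```python
# Added example: flag a sync token presented by a device other than the one
# it was first seen on. Log format and field names are assumptions.

# Constructed sample records: time, account, token id, device id, source IP.
SAMPLE_LOG = """\
2015-08-06T09:00:01Z alice tok-a1 dev-laptop-01 203.0.113.10
2015-08-06T09:05:12Z alice tok-a1 dev-laptop-01 203.0.113.10
2015-08-06T09:07:40Z bob tok-b7 dev-desktop-02 198.51.100.4
2015-08-06T09:09:03Z alice tok-a1 dev-unknown-9f 192.0.2.77
2015-08-06T09:15:30Z bob tok-b7 dev-desktop-02 198.51.100.25
"""

FIELDS = ("time", "account", "token", "device", "ip")


def parse(log_text):
    """Yield one dict per well-formed line; skip blank or malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS):
            yield dict(zip(FIELDS, parts))


def find_token_reuse(records):
    """Return alerts for tokens used by a device that is not their owner.

    Assumes each token is issued to exactly one device, so the first device
    seen with a token is treated as its owner. A changed IP alone is not
    flagged, since laptops roam between networks.
    """
    owner = {}  # token -> device first seen using it
    alerts = []
    # ISO 8601 UTC timestamps sort correctly as plain strings.
    for r in sorted(records, key=lambda rec: rec["time"]):
        known = owner.setdefault(r["token"], r["device"])
        if r["device"] != known:
            alerts.append((r["time"], r["account"], r["token"], known, r["device"]))
    return alerts


if __name__ == "__main__":
    for alert in find_token_reuse(parse(SAMPLE_LOG)):
        print("token reuse: time=%s account=%s token=%s owner=%s seen_on=%s" % alert)
```

The first-seen rule only works if the log window starts before the token was copied; an inventory of enrolled devices is a stronger baseline where one exists.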