Researchers reverse-engineered the encryption protecting the Dropbox client in order to open it up to further security analysis. The two researchers presented a paper on their work at the recent USENIX Security Symposium. They also demonstrated how to use code-injection techniques to intercept SSL data and bypass two-factor authentication used to protect accounts. A Dropbox spokesperson said the researchers findings do not represent a vulnerability in the cloud storage service. The team plans further research into Dropbox security and encourages the security community to take its shots.
Source: https://threatpost.com/researchers-reverse-engineer-dropbox-client/102144/