Sep 9, 2016

Dropbox hijacked your Mac security

If you're using Dropbox on Mac OS, you might be surprised that Dropbox has permission to control your computer, even though it never asks permission to do so. Even if you uncheck or remove Dropbox from the Accessibility list, it will reappear on the next login to the computer or the next start of the Dropbox app. There are good articles at applehelpwriter.com on what exactly the issue is (Revealing Dropbox’s dirty little security hack) and on how Dropbox does it (Discovering how Dropbox hacks your Mac).

As for me, I'll show you how to prevent Dropbox from hijacking Mac OS security. What we need to do is remove the permission to execute the exploit and prevent Dropbox from reverting that change.

1. Open the Terminal app and change the current directory to the Dropbox exploit directory. The Dropbox version might be different on your computer; just choose the latest if there is more than one.
cd /Library/DropboxHelperTools/Dropbox_u502
Remove the executable and set-user-id bits from the exploit binary. The system will prompt you for the admin password.
sudo chmod -sx dbaccessperm
Lock the changes to the exploit binary.
sudo chflags uchg dbaccessperm

2. Now uncheck the permission for Dropbox in System Preferences - Security & Privacy - Privacy. You will need to click the lock at the bottom left to make changes on this page. That's it. The permissions for Dropbox will not reappear after a Mac restart. Most importantly, there are no dialogs on every OS reboot.

You might think it would be easier to just remove the exploit binary, but this is not the case: if the binary is removed, Dropbox will recreate it on the next start and override the permissions.
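To confirm that the helper binary is still in the state the steps above produce, in every helper directory if there is more than one, here is an added check script that is not part of the original post. The function names are hypothetical, and it assumes the macOS `ls -lO` column layout (mode, links, owner, group, file flags, size); the sample lines are constructed.

```shell
#!/bin/sh
# classify_helper: takes ONE line of macOS `ls -lO` output and prints
# "hardened" or a comma-separated list of what is still wrong.
classify_helper() {
    # Field 1 is the mode string, field 5 the file flags ("-" when none).
    read -r mode _links _owner _group flags _rest <<EOF
$1
EOF
    verdict=""
    # Set-user-id shows as s/S in the owner execute slot (4th character).
    case $mode in
        ???[sS]*) verdict="setuid" ;;
    esac
    # Execute permission left for owner, group or others.
    case $mode in
        ???[xs]*|??????[xs]*|?????????[xt]*)
            verdict="${verdict:+$verdict,}executable" ;;
    esac
    # Without the uchg (user immutable) flag the bits can be put back.
    case ",$flags," in
        *,uchg,*) ;;
        *) verdict="${verdict:+$verdict,}unlocked" ;;
    esac
    echo "${verdict:-hardened}"
}

# audit_all: check dbaccessperm in every versioned helper directory
# (path taken from the steps above). Prints nothing if none exist.
audit_all() {
    for f in /Library/DropboxHelperTools/*/dbaccessperm; do
        [ -e "$f" ] || continue
        printf '%s: %s\n' "$f" "$(classify_helper "$(ls -lO "$f")")"
    done
}

# Constructed sample lines: before and after the chmod/chflags steps.
BEFORE='-rwsr-xr-x  1 root  wheel  - 12345 Sep  9 2016 dbaccessperm'
AFTER='-rw-r--r--  1 root  wheel  uchg 12345 Sep  9 2016 dbaccessperm'
printf 'sample before: %s\n' "$(classify_helper "$BEFORE")"
printf 'sample after:  %s\n' "$(classify_helper "$AFTER")"

audit_all
```

Any verdict other than `hardened` for a real path means the chmod and chflags steps need to be repeated for that directory.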

If you are not sure whether Dropbox will work correctly without controlling your computer, there is an explanation of why accessibility is used by the Dropbox app - "We use accessibility APIs for the Dropbox badge (Office integrations) and other integrations (finding windows & other UI interactions)." (link). Personally, I'm not using the Office integration and do not see any problem in Dropbox functionality since I've disabled accessibility access for Dropbox.
