Dropbox Infinite: Risking security in exchange for Cloud access?

Well-known for storage provider Dropbox has announced some major changes to the way that their desktop client will work in future, which the company claims will allow Dropbox users to access their account’s contents as if the files were already on the user’s computer.

In theory, this sounds like an amazing idea – no need to use an Internet browser to access files, and no more worrying about how much storage space is taken up on your hard drive by files downloaded from the cloud. However, there may be a problem – potentially a serious one.

Dropbox Infinite is designed to work as a kernel module. This means that it will have access to one of the most sensitive areas of your computer’s Operating System. Dropbox software engineer Damien DeVille explains:

We’re going… into the kernel—the core of the operating system. With Project Infinite, Dropbox is evolving from a process that passively watches what happens on your local disk to one that actively plays a role in your filesystem.

However, City College San Francisco Ethical Hacking tutor Sam Bowne warned:

“If Dropbox is in the kernel, it can access everything [on] your whole system. If there’s a flaw in Dropbox, it could be used to take over your system.”

Dropbox have stated on their blog that they approach the kernel with “extreme caution and respect”, adding that Infinite takes the security and stability of their users’ experience into consideration.


What are your thoughts? Would you be prepared to allow Dropbox access to everything on your system? Why (or why not)? Let us know your thoughts in the comments below!

Jon Hunnings

(Step-)father & husband. I code directly on my #BlackBerry devices, in between blogs! Contact me via Twitter: @BrizBerryDevs or via email: brizberrydevs@utbblogs.com