We Want to Hear From You! What Do You Want to See on the Community? Tell us here!

Forum Discussion

GreyMane's avatar
GreyMane
New member | Level 2
12 months ago

Unsigned Executable Muddies Water on Security Investigations

On Mac, an unsigned executable can muddy the water on security investigations.
/Library/DropboxHelperTools/Dropbox_u501/dbkextd
Whereas unsigned executables are a big attack vector for Mac, anything that is in here could be the source of an experienced security event. All legitimate software installed by a legitimate company should be signed to avoid this delay. Signing it would make it not appear suspicious in an investigation and save security incident responders precious moments. Being unsigned could also allude to the executable having been tampered with. If there is a signed version in the original files and the unsigned version exists in the system, then that is a far simpler check that than trying to reverse engineer the suspected unsigned executable to see what might have been wrapped into it. Long story short, signing all your files for your app makes our lives in security a lot less frustrating.

Mac
security
Third Party Integrations

2 Replies

  • radical_exponent's avatar
    radical_exponent
    Icon for Dropbox Engineer rankDropbox Engineer
    12 months ago

    Hi GreyMane,

    Can you clarify what you're using to check the signature? My understanding is that that binary is and always has been code signed by Dropbox.

  • GreyMane's avatar
    GreyMane
    New member | Level 2
    12 months ago

    No, you are exactly correct. Apologies, it is a false positive in our Etre tool I will raise the issue with them!

    Executable=/Library/DropboxHelperTools/Dropbox_u501/dbkextd

    Identifier=com.getdropbox.dropbox.dbkextd

    Format=Mach-O thin (arm64)

    CodeDirectory v=20500 size=906 flags=0x10000(runtime) hashes=22+2 location=embedded

    VersionPlatform=1

    VersionMin=720896

    VersionSDK=852736

    Hash type=sha256 size=32

    CandidateCDHash sha256=9d60b9eca42a1e70d88b44e403610ac477d4f239

    CandidateCDHashFull sha256=9d60b9eca42a1e70d88b44e403610ac477d4f239665d9883084cf637ea789e7e

    Hash choices=sha256

    CMSDigest=9d60b9eca42a1e70d88b44e403610ac477d4f239665d9883084cf637ea789e7e

    CMSDigestType=2

    Page size=4096

    CDHash=9d60b9eca42a1e70d88b44e403610ac477d4f239

    Signature size=8996

    Authority=Developer ID Application: Dropbox, Inc. (G7HH3F8CAK)

    Authority=Developer ID Certification Authority

    Authority=Apple Root CA

    Timestamp=Jul 9, 2024 at 6:09:49 AM

    Info.plist entries=14

    TeamIdentifier=G7HH3F8CAK

    Runtime Version=13.3.0

    Sealed Resources=none

    Internal requirements count=1 size=192

About Security and Permissions

Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.

Need More Support

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!