Beware of Airdroid - over 20 million users exposed to security risks
A mobile security company called Zimperium has discovered a number of major security issues in Airdroid, a remote access management tool for Android with over 20 million downloads. Sand Studio, the product team behind Airdroid, was informed by Zimperium about said vulnerabilities more than six months ago and promised to patch things up with the 4.0 release of the app, which was introduced last month. The security company later found out that all of the issues still persisted in version 4.0, so it decided to make its discoveries public today.
Zimperium's findings highlight how malicious parties can exploit the app's built-in functionality and use it against users on the same network. Airdroid uses the same encrypted HTTP request to authorize the device and send usage statistics. The key to this encryption is hardcoded into the application, which means that every installation uses the exact same key. With this key, attackers can intercept the authentication request and gain access to private account information, such as the e-mail address and password associated with the Airdroid account. Moreover, attackers can use a similar method to inject any malicious APK by prompting the app to notify the user of a required software update.
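The root cause described above, a symmetric key compiled into the app, is something a reviewer can look for in decompiled Java sources. The following is an added example, not code from Zimperium or Airdroid: a small heuristic scanner that flags `SecretKeySpec` objects built from string literals or string constants. The class names, the key value and both sample sources are constructed for illustration.

```python
import re

# String constants such as: private static final String KEY = "value";
CONST_RE = re.compile(r'static\s+final\s+String\s+(\w+)\s*=\s*"([^"]*)"')
# Key material passed to SecretKeySpec as <literal or identifier>.getBytes(...)
KEYSPEC_RE = re.compile(
    r'new\s+SecretKeySpec\(\s*("(?:[^"\\]|\\.)*"|\w+)\s*\.getBytes\([^)]*\)'
    r'\s*,\s*"(\w+)"')

def find_hardcoded_keys(java_source):
    """Return (line_no, algorithm, origin) for each key built from a literal."""
    constants = {m.group(1) for m in CONST_RE.finditer(java_source)}
    findings = []
    for line_no, line in enumerate(java_source.splitlines(), start=1):
        for m in KEYSPEC_RE.finditer(line):
            expr, alg = m.group(1), m.group(2)
            if expr.startswith('"'):
                findings.append((line_no, alg, "inline literal"))
            elif expr in constants:
                findings.append((line_no, alg, "constant " + expr))
    return findings

# Constructed sample: every install ships the same key inside the APK.
VULNERABLE = '''
public class StatsClient {
    private static final String KEY = "0123456789abcdef";
    byte[] encrypt(byte[] body) throws Exception {
        SecretKeySpec spec = new SecretKeySpec(KEY.getBytes("UTF-8"), "AES");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, spec);
        return c.doFinal(body);
    }
}
'''

# Constructed sample: the key is fetched from the platform keystore instead.
CLEAN = '''
public class StatsClient {
    SecretKey loadKey() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        return (SecretKey) ks.getKey("stats", null);
    }
}
'''

if __name__ == "__main__":
    for finding in find_hardcoded_keys(VULNERABLE):
        print("hardcoded key material:", finding)
```

A regex pass like this only catches the direct pattern; keys assembled from byte arrays or obfuscated strings need data-flow analysis.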
It is very unfortunate to see a developer putting profits before people and not focusing on security. While we all hope to see these issues fixed in the next update, it is advisable to stop or at least limit the use of this app until something is done to correct this.
source: Zimperium via Android Police