Beware of Airdroid - over 20 million users exposed to security risks
posted by Plamen D. / Dec 02, 2016, 9:31 AM
In present times, having the ability to remotely access your phone or computer can be quite useful. Considering this, it comes as no suprise that apps designed with this feature in mind have become very popular among users, however, in some cases various risks can hide behind the apparent convenience of using such applications.
A mobile security company called Zimperium has discovered a number of major security issues for Airdroid – a remote access management tool for Android with over 20 million downloads. Sand Studio – the product team behind Airdroid was informed by Zimperium about said vulnerabilities more than six months ago and promised to patch things up with the 4.0 release of the app which was introduced last month. The security company later found out that all of the issues still persisted on version 4.0, so it decided to make it's discoveries public today.
Zimperium's findings highlight how malicious parties can exploit the app's built-in functionalities and use them against users on the same network. Airdroid uses the same encrypted HTTP request to authorize the device and send usage statistics. The key to this encryption is hardcoded into the application, which means that everyone using it has the exact same key. With this key, attackers can intercept the authentication request and gain access to private account information, such as the e-mail address and password associated with the Airdroid account. Moreover, the hackers can also use a similar method to inject any malicious APK by prompting the app to notify the user of a required software update.
It is very unfortunate to see a developer putting profits before people and not focusing on security. While we all hope to see these issues fixed in the next update, it is advisable to stop or at least limit the use of this app until something is done to correct this.
source: Zimperium via Android Police
Posts: 139; Member since: Sep 29, 2009
OK, time to uninstall for now. Android security issues just keep coming up.
posted on Dec 02, 2016, 10:33 AM 2
Posts: 2443; Member since: Mar 23, 2012
Welcome to Android people....! Please remember these very important articles one by one which tells how bad the Android security and the whole ecosystem is. Please try to do that you fanboys. Because tomorrow some idiot will say "Android is the best operating system"...lol
posted on Dec 02, 2016, 11:59 AM 1
Posts: 6794; Member since: Mar 29, 2012
Nobody say Android is the best operating system. I am using it because its the more transparent OS. Security problem get more readily discover and fixed. Proprietary OS lacks such transparency but I see a few here prefers it that way. Sticking their heads into their beloved company ass.
posted on Dec 02, 2016, 1:33 PM 4
Posts: 255; Member since: Jul 21, 2014
Go through yesterday's posts on this website and you'll find an article regarding iOS being bypassed. No OS is 100% secure, so please think before posting and calling people "fanboys" when you yourself are exactly what you're calling other people, just for a different OS. I don't brag about Android being the best OS. I think it's better than iOS for multiple reasons, having owned different generations of Apple products.
posted on Dec 02, 2016, 2:26 PM 4
Posts: 6831; Member since: Mar 04, 2015
No one is safe
posted on Dec 02, 2016, 4:03 PM 1
posted on Dec 02, 2016, 3:36 PM 0
Send a warning to post author
Send a warning to Selected user.
The user has 0 warnings currently.
Next warning will result in ban!
Ban user and delete all posts
Message to PhoneArena moderator (optional):