Beware of Airdroid - over 20 million users exposed to security risks


Nowadays, being able to remotely access your phone or computer can be quite useful. It comes as no surprise that apps designed with this feature in mind have become very popular among users. In some cases, however, various risks can hide behind the apparent convenience of using such applications.

A mobile security company called Zimperium has discovered a number of major security issues in Airdroid, a remote access management tool for Android with over 20 million downloads. Sand Studio, the product team behind Airdroid, was informed by Zimperium about the vulnerabilities more than six months ago and promised to patch them in the 4.0 release of the app, which was introduced last month. The security company later found that all of the issues still persisted in version 4.0, so it decided to make its discoveries public today.

Zimperium's findings highlight how malicious parties can exploit the app's built-in functionalities and use them against users on the same network. Airdroid uses the same encrypted HTTP request to authorize the device and send usage statistics. The key to this encryption is hardcoded into the application, which means that everyone using it has the exact same key. With this key, attackers can intercept the authentication request and gain access to private account information, such as the e-mail address and password associated with the Airdroid account. Moreover, the hackers can also use a similar method to inject any malicious APK by prompting the app to notify the user of a required software update.
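The root cause described above, one symmetric key compiled into every install, is something an app reviewer can look for in decompiled source. The following audit sketch is an added example, not part of the original article and not Airdroid's code: the Java sample is constructed, the function name `find_hardcoded_keys` is hypothetical, and the only real APIs referenced are the standard `javax.crypto.spec` key classes.

```python
import re

# Constructed decompiled-Java sample (NOT Airdroid's code). It mimics the flaw
# the article describes: key material shipped identically in every install.
SAMPLE_JAVA = '''\
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.SecretKeySpec;

class StatsClient {
    private static final String K = "constructed-demo-key";

    SecretKeySpec shared() {
        return new SecretKeySpec(K.getBytes(), "AES");
    }
    DESKeySpec legacy() throws Exception {
        return new DESKeySpec("constructed".getBytes());
    }
    SecretKeySpec perSession(byte[] sessionKey) {
        return new SecretKeySpec(sessionKey, "AES");
    }
}
'''

# Compile-time string constants, e.g. static final String K = "...";
CONST_RE = re.compile(r'static\s+final\s+(?:String|byte\[\])\s+(\w+)\s*=\s*"([^"]*)"')
# First argument handed to a javax.crypto key-spec constructor.
KEYSPEC_RE = re.compile(r'new\s+(SecretKeySpec|DESKeySpec|DESedeKeySpec)\s*\(\s*([^,)]+)')

def find_hardcoded_keys(source):
    """Return (line, class, reason) for key specs built from embedded strings."""
    constants = dict(CONST_RE.findall(source))
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in KEYSPEC_RE.finditer(line):
            arg = m.group(2).strip()
            ident = re.match(r'\w+', arg)
            if arg.startswith('"'):
                findings.append((lineno, m.group(1), "inline literal"))
            elif ident and ident.group(0) in constants:
                # Key comes from a constant baked into the APK.
                findings.append((lineno, m.group(1), "constant " + ident.group(0)))
            # Keys passed in at runtime (e.g. a negotiated session key) are not flagged.
    return findings

if __name__ == "__main__":
    for finding in find_hardcoded_keys(SAMPLE_JAVA):
        print(finding)
```

A finding here means the encryption adds no confidentiality against anyone who has the app, so the request needs transport security (TLS with certificate validation) or a per-device negotiated key instead.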

It is very unfortunate to see a developer putting profits before people and not focusing on security. While we all hope to see these issues fixed in the next update, it is advisable to stop or at least limit the use of this app until something is done to correct this.

source: Zimperium via Android Police


17 Comments

1. drifter77

Posts: 400; Member since: Jun 12, 2015

Damn... this is one of my fav apps.

2. emvxl

Posts: 140; Member since: Sep 29, 2009

OK, time to uninstall for now. Android security issues just keep coming up.

21. xondk

Posts: 1904; Member since: Mar 25, 2014

This is not so much Android as an Android app a lot use though.

3. Mxyzptlk unregistered

Android really needs to bump up the security.

13. Pabliell

Posts: 179; Member since: Mar 22, 2016

It's not Android this time, just this one particular app.

4. Scott93274

Posts: 6031; Member since: Aug 06, 2013

Damn, I love this app, though I don't use it all that frequently. I guess I'll remove it for the time being until I hear that they've fixed the issue.

5. piyath

Posts: 2445; Member since: Mar 23, 2012

Welcome to Android people....! Please remember these very important articles one by one which tells how bad the Android security and the whole ecosystem is. Please try to do that you fanboys. Because tomorrow some idiot will say "Android is the best operating system"...lol

6. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

Nobody says Android is the best operating system. I am using it because it's the more transparent OS. Security problems get more readily discovered and fixed. Proprietary OS lacks such transparency but I see a few here prefer it that way. Sticking their heads into their beloved company's ass.

7. gdawilson

Posts: 299; Member since: Jul 21, 2014

Go through yesterday's posts on this website and you'll find an article regarding iOS being bypassed. No OS is 100% secure, so please think before posting and calling people "fanboys" when you yourself are exactly what you're calling other people, just for a different OS. I don't brag about Android being the best OS. I think it's better than iOS for multiple reasons, having owned different generations of Apple products.

11. sissy246

Posts: 7065; Member since: Mar 04, 2015

12. sissy246

Posts: 7065; Member since: Mar 04, 2015

Oh and there are more, just go look it up.

8. tedkord

Posts: 17296; Member since: Jun 17, 2009

20 million is less than 1.5% of active Android devices.

9. Crispin_Gatieza

Posts: 3122; Member since: Jan 23, 2014

The best file transfer and notification tool is called BlackBerry Blend. End of story.

17. vliang86

Posts: 337; Member since: Oct 05, 2015

Switch to iOS, problem solved

18. Pabliell

Posts: 179; Member since: Mar 22, 2016

And countless other problems will occur.

22. JunitoNH

Posts: 1946; Member since: Feb 15, 2012

It is, always Android. As I always say, use as directed, only for play, nothing more.
