![]() ![]() In a reply to growing concerns, AirDroid made the following official comment: But the new version still has the same problems, and nothing has been fixed. ![]() AirDroid released version 4, claiming to fix the issues. Zimperium had been on the case since long, notifying AirDroid of the security vulnerabilities. And once that happens, you've as good as handed your phone to a hacker and given them the unlock code to use it. Giving it the permission to update will simply download and execute the malicious APK. The user will be fooled into thinking that the AirDroid application needs to update. Requests sent by the application to check for updates can be intercepted, and replied to by injecting a malicious APK. The major problem with this is that it opens the gates for many kinds of attacks. This is almost as good as not having any key at all. ![]() The communication is encrypted, but the application doesn't generate a unique key-pair for each user, and uses a single, rather hard-coded key that is the same for everyone. One of the vulnerabilities found by Zimperium was that the AirDroid application uses the same HTTP request to authorize a device as well as send statistics. Unfortunately, convenience often comes at a price and, in this case, a great risk.Ī mobile security company, Zimperium, has identified many security vulnerabilities in the AirDroid, which can allow hackers on the same network to get their hands on user information and even execute malicious code on their device by sending APK files. The end-goal is to go hands-off your smartphone and control everything on your PC while you're working. With 10-50 Million downloads, it is the most popular app of its kind, although there are many that give you some of the same functionality (such as MightyText). AirDroid is an Android application that lets users access their smartphones via a PC. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |