Severe AirDroid vulnerability threatens tens of millions of Android users

Popular remote management utility AirDroid has attracted tens of millions of users with the lure of sharing the messages and files on their phones with their PCs, but you might want to think twice about firing it up today. Mobile security firm Zimperium has published a report detailing several major vulnerabilities that threaten to hijack your device.

The security issue—which still exists in the latest 4.0.1 release, according to Zimperium—is related to “insecure communication channels” that “send the same data used to authenticate the device to their statistics server.” That means someone on the same network could use a simple man-in-the-middle attack to intercept the user’s email address and password associated with AirDroid. Furthermore, the hacker could then download malicious updates to the app that in turn give them full control over the device.

Zimperium notes that it contacted Sand Studio about the vulnerability back in May and has been in communication with the company through last month’s release of version 4.0. However, the firm warns that the vulnerability has not been patched and advises users to uninstall AirDroid until a fix is available.

Update, 11:45am: Betty Chen, chief marketing officer at Sand Studio, told Greenbot that the company is “indeed working on the solution and it should be expected to start to roll out within next two weeks.” She attributed the lack of prior action to “miscommunication” between Sand Studio and Zimperium.

The impact on you at home: Android users understand that security vulnerabilities are a fact of life—just this week the Gooligan exploit was found to have breached more than a million Google accounts—but generally they originate outside of the Play Store. AirDroid is a popular utility used by as many as 50 million Android users, and the developers have an obligation to their users to keep the app as safe and secure as possible. Earlier this year, the company quickly patched a similar bug exposed by Check Point, but this time around it appears Sand Studio has known about this issue for more than six months and has done nothing to correct it.
