AirDroid, the popular Android desktop manager, has some pretty nasty security vulnerabilities according to a recent report. Unless you use it on a network you fully trust, you should probably disable or uninstall it until this is patched.
We’ve recommended AirDroid for a long time because it’s a handy way to access everything on your phone remotely when you’re at your desktop. However, according to mobile security company Zimperium, there are some unpatched vulnerabilities that would allow attackers to hijack the communication between your phone and your computer if they’re on the same network. This man-in-the-middle type of attack could let someone steal your email and password for your AirDroid account, or even run malicious code on your device. Attackers can also hijack the update mechanism and replace a new version of AirDroid with their own APK. In short, this is a massive security hole.
The only saving grace here is that the attacker has to be on your network to pull it off. If you live on a farm far from civilisation and the only people who connects to your Wi-Fi network are you and your family, you’re probably safe. However, if you live in an apartment complex, or don’t have strong security on your network, you should probably stop using AirDroid until this is fixed. Remember, Wi-Fi networks are trivially easy to break into in most cases. Unless you can verify every person who’s in range of your network, you shouldn’t assume it’s 100 per cent safe from something like this.
According to Zimperium, the developers of AirDroid were notified of this vulnerability on 24 May 2016 and acknowledged it a few days later. AirDroid has responded and says that a patch to address the issue will be rolled out within the next two weeks. You can read a full statement addressing the issue here. Until then, we can’t recommend using it.
Analysis of multiple vulnerabilities in AirDroid [Zimperium via Android Police]
Comments