• Home
  • Apps
  • Apps News
  • AirDroid's Use of Insecure Communication Channels Leaves Users Vulnerable, Claims Zimperium

AirDroid's Use of Insecure Communication Channels Leaves Users Vulnerable, Claims Zimperium

Share on Facebook Tweet Snapchat Share Reddit Comment
AirDroid's Use of Insecure Communication Channels Leaves Users Vulnerable, Claims Zimperium
Highlights
  • AirDroid has been downloaded more than 10 million times from Google Play
  • Vulnerability can potentially allow hacker's to gain users' credentials
  • AirDroid is a remote management tool for Android

In the past one year, there have been many critical vulnerabilities regarding Google's mobile platform Android that were exposed by research firms. Now, a mobile security firm has claimed that AirDroid, one of the most popular remote management and file sharing tools on Android, has certain vulnerabilities that can leave its users extremely vulnerable to hacking.

Mobile security firm Zimperium has released details of security vulnerabilities associated with AirDroid that allow hackers on the same network as the user to gain their private information as well as execute code on their phone via malicious APK files.

"AirDroid relies on insecure communication channels in order to send the same data used to authenticate the device to their statistics server. Such requests are encrypted with DES (ECB mode) however the encryption key is hardcoded inside the application itself (thus known to an attacker)," Zimperium said in a note regarding the vulnerability.

According to the security firm, any "malicious party" on the same network as user's device can potentially execute a man-in-the-middle attack and gain access to authentication credentials and impersonate the user to make further requests.

The report further adds that AirDroid's vulnerability allows hackers to even intercept the request sent by the application for add-on updates and therefore make it download a malicious app and make unsuspecting users unknowingly accept the installation request.

Considering that AirDroid has been downloaded more than 10 million times from Google Play, the security flaws can leave a huge number of Android users vulnerable to hack - though of course downloads do not represent active users.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Amazon, Intel Partner for a Smart Speaker Reference Design With Alexa
LG V20 India Launch Set for Monday
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com