Users can now use the AirDroid remote management tool for Android without fear of malicious updates and data theft.

The concern arose after a disclosure revealed that the AirDroid app sends and receives some information over insecure channels (HTTP), opening users on unsecured networks to man-in-the-middle attacks, and does not verify whether a served update is legitimate, meaning attackers could serve a malicious one, said researchers at mobile security firm Zimperium.

The AirDroid team learned about the vulnerability in May, but did not come up with a fix by December 1, forcing Zimperium to disclose the existence of the vulnerabilities and warn users against using the app while on unsecured networks.

The AirDroid team seems to have been too busy with the development of a new architecture to pause and create a fix for the security issues in question, according to a blog post.

The fixes are now in place, and the team asked users to switch to the newest versions of the software (Mobile and Mac/Win) immediately, as they will stop supporting old versions.

Zimperium researchers tested version 4.0.3 of the mobile software and concluded that it now uses SSL but does not enforce certificate pinning, and that the main update remote code execution issue (malicious APK update) is now fixed.