![]() While it’s only possible on unprotected Wi-Fi networks, the massive number of potential target users and the ease of exploit means it could be attractive to hackers.ĪirDroid has acknowledged Zimperium’s findings but has deferred fixing the issue for several months. The attack is a classic man-in-the-middle technique that could easily be achieved in a public location. An attacker could gain all these permissions on a malicious app. It’s also authorised to make in-app purchases and monitor unique device identifiers, such as the IMEI number. These could contain more malware or be used to generate revenue by exploiting ad networks.ĪirDroid has access to multiple sensitive Android permissions, including the ability to access hardware like the camera, microphone and GPS sensors. By sending specially crafted requests, an attacker could remotely install malicious apps on a user’s device. The researchers found the vulnerability can be used to “gain full control” of a target device. They could then intercept network communications with the statistics server to retrieve the user’s credentials and send malicious requests. Although it is encrypted, the key is hardcoded into the app’s source files, so an attacker could easily access it. The data sent to the server is identical to that used to authenticate the device. Zimperium found the app uses insecure communication methods to transfer data to its statistics server. According to the Google Play Store’s publicly displayed metrics, it has been downloaded between 10 and 50 million times. The app is a very popular Android remote management tool that lets you control your phone from another device. Security firm Zimperium detailed “multiple vulnerabilities” present in AirDroid in a blog post today.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |